Snort - Network Intrusion Detection & Prevention System

Talos Rules 2026-04-21

This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the os-windows, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

29200

2026-04-21 12:00:11 UTC

Snort Subscriber Rules Update

Date: 2026-04-21

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66307 <-> DISABLED <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt (server-webapp.rules)
 * 1:66308 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66309 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66310 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66311 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66312 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66313 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66314 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66315 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66316 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66317 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66318 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66319 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66320 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66321 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66322 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66323 <-> DISABLED <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt (server-webapp.rules)
 * 1:66324 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66325 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66326 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66327 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66328 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66329 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66330 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66331 <-> ENABLED <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt (server-webapp.rules)
 * 1:66332 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66334 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66335 <-> DISABLED <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt (server-webapp.rules)
 * 1:66336 <-> DISABLED <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt (server-webapp.rules)
 * 1:66337 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66338 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66339 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66340 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt (os-windows.rules)
 * 1:66341 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66342 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66343 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66344 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66345 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66346 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66347 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66348 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66349 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66350 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66351 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66352 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66353 <-> DISABLED <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
 * 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)

29181

2026-04-21 12:00:11 UTC

Snort Subscriber Rules Update

Date: 2026-04-21

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66343 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66344 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66345 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66307 <-> DISABLED <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt (server-webapp.rules)
 * 1:66308 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66309 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66310 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66311 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66312 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66313 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66314 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66315 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66316 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66317 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66318 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66319 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66320 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66321 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66322 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66323 <-> DISABLED <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt (server-webapp.rules)
 * 1:66324 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66325 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66326 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66327 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66328 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66329 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66330 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66331 <-> ENABLED <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt (server-webapp.rules)
 * 1:66332 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66334 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66335 <-> DISABLED <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt (server-webapp.rules)
 * 1:66336 <-> DISABLED <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt (server-webapp.rules)
 * 1:66337 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66338 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66339 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66340 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt (os-windows.rules)
 * 1:66341 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66342 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66348 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66347 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66346 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66349 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66350 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66351 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66352 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66353 <-> DISABLED <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt (server-webapp.rules)

Modified Rules:


 * 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
 * 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)

29171

2026-04-21 12:00:11 UTC

Snort Subscriber Rules Update

Date: 2026-04-21

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:66341 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66342 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66345 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66347 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66346 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66348 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66349 <-> DISABLED <-> SERVER-WEBAPP Parse Server SQL injection attempt (server-webapp.rules)
 * 1:66350 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66351 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66352 <-> DISABLED <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt (server-webapp.rules)
 * 1:66353 <-> DISABLED <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt (server-webapp.rules)
 * 1:66336 <-> DISABLED <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt (server-webapp.rules)
 * 1:66335 <-> DISABLED <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt (server-webapp.rules)
 * 1:66334 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66337 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66338 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66339 <-> DISABLED <-> SERVER-WEBAPP Advantech iView SQL injection attempt (server-webapp.rules)
 * 1:66340 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt (os-windows.rules)
 * 1:66343 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66344 <-> DISABLED <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt (server-other.rules)
 * 1:66307 <-> DISABLED <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt (server-webapp.rules)
 * 1:66309 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66308 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66311 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66310 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66313 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66312 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66315 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66314 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66317 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66316 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt (server-webapp.rules)
 * 1:66319 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66318 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:66321 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66320 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66323 <-> DISABLED <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt (server-webapp.rules)
 * 1:66322 <-> DISABLED <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt (server-webapp.rules)
 * 1:66325 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66324 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66329 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66326 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66327 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66328 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66331 <-> ENABLED <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt (server-webapp.rules)
 * 1:66330 <-> DISABLED <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt (server-webapp.rules)
 * 1:66332 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)
 * 1:66333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected (protocol-scada.rules)

Modified Rules:


 * 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
 * 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)

3200

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

3351

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.5.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

3360

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.6.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

3370

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.3.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

3700

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

3900

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.9.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31110

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31150

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31180

2026-04-21 12:03:02 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31200

2026-04-21 12:03:03 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31210

2026-04-21 12:03:03 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31350

2026-04-21 12:03:03 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31440

2026-04-21 12:03:03 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31470

2026-04-21 12:03:03 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31100

2026-04-21 12:03:03 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.11.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt

31200

2026-04-21 12:03:03 UTC

Snort Subscriber Rules Update

Date: 2026-04-20-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.12.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:66307 <-> SERVER-WEBAPP GLPI Inventory Agent SQL injection attempt
* 1:66308 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66309 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66310 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66311 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66312 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66313 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66314 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66315 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66316 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager SQL injection attempt
* 1:66317 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66318 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66319 <-> SERVER-WEBAPP Zoho ManageEngine OpManager SQL injection attempt
* 1:66320 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66321 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66322 <-> SERVER-WEBAPP Centreon Web service_hgPars SQL injection attempt
* 1:66323 <-> SERVER-WEBAPP Centreon Web generateImage.php SQL injection attempt
* 1:66324 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66325 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66326 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66327 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66328 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66329 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66330 <-> SERVER-WEBAPP Delta Industrial Automation DIAEnergie SQL injection attempt
* 1:66331 <-> SERVER-WEBAPP Apache ActiveMQ remote code execution attempt
* 1:66332 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66333 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66334 <-> PROTOCOL-SCADA Rockwell Automation FactoryTalk Security compromised encryption key use detected
* 1:66335 <-> SERVER-WEBAPP Siemens SINEC NMS moveFolder SQL injection attempt
* 1:66336 <-> SERVER-WEBAPP FlowiseAI Flowise arbitrary code execution attempt
* 1:66337 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66338 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66339 <-> SERVER-WEBAPP Advantech iView SQL injection attempt
* 1:66340 <-> OS-WINDOWS Microsoft Visual Studio git clone argument injection attempt
* 1:66341 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66342 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66343 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66344 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66345 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66346 <-> SERVER-OTHER Docker AuthZ Plugin authentication bypass attempt
* 1:66347 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66348 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66349 <-> SERVER-WEBAPP Parse Server SQL injection attempt
* 1:66350 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66351 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66352 <-> SERVER-WEBAPP WordPress Tutor LMS Plugin SQL injection attempt
* 1:66353 <-> SERVER-WEBAPP Zimbra Collaboration SQL injection attempt

Modified Rules:

* 1:300025 <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt
* 1:300053 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt
* 1:300112 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300113 <-> SERVER-WEBAPP HPE Intelligent Management Center ByteMessageResource insecure deserialization attempt
* 1:300131 <-> SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt
* 1:300210 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300211 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:300247 <-> SERVER-WEBAPP PAN-OS Simple Certificate Enrollment Protocol arbitrary PHP file upload attempt
* 1:300305 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:300361 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:300376 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300377 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300378 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:300477 <-> SERVER-WEBAPP Avaya Aura Device Services cross site scripting attempt
* 1:300521 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:300523 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300785 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300786 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:300787 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:300804 <-> SERVER-WEBAPP GitLab password reset authentication bypass attempt
* 1:300805 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:300847 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:300848 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:45112 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:45113 <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt
* 1:58646 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58647 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58648 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58649 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58670 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58671 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58672 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet DLPIncidentStatusChangeResult SQL injection attempt
* 1:58676 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58677 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58678 <-> SERVER-WEBAPP GE MDS PulseNET FileServlet directory traversal attempt
* 1:58679 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58680 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58681 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58682 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58709 <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
* 1:58721 <-> SERVER-WEBAPP Grafana getPluginAssets path traversal attempt
* 1:58745 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58746 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58747 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58748 <-> SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt
* 1:58797 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58798 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58799 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58800 <-> SERVER-WEBAPP LibreNMS Collectd command injection attempt
* 1:58821 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58822 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58823 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58824 <-> SERVER-WEBAPP WebSVN search command injection attempt
* 1:58825 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58826 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58827 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58828 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated command injection attempt
* 1:58829 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58830 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58831 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58832 <-> SERVER-WEBAPP DLINK DWL-2600 Authenticated Config Upgrade command injection attempt
* 1:58841 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58842 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Java expression language injection attempt
* 1:58847 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58848 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58849 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway requestDomains hidDomains SQL injection attempt
* 1:58855 <-> SERVER-WEBAPP Trend Micro Encryption Email Gateway register2 Client SQL injection attempt
* 1:58857 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58858 <-> SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt
* 1:58861 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58862 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58863 <-> SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt
* 1:58864 <-> SERVER-WEBAPP ManageEngine Desktop Central LogUploader servlets directory traversal attempt
* 1:58905 <-> SERVER-WEBAPP OneDev AttachmentUploadServet arbitrary Java deserialization attempt
* 1:58959 <-> SERVER-WEBAPP WordPress Core SQL injection attempt
* 1:58960 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58961 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58962 <-> SERVER-WEBAPP Aviatrix Controller directory traversal attempt
* 1:58966 <-> SERVER-WEBAPP Apache Airflow command injection attempt
* 1:58974 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58975 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58976 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58977 <-> SERVER-WEBAPP Webmin Usermin secret.cgi command injection attempt
* 1:58980 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58981 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58982 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58983 <-> SERVER-WEBAPP System Information Library for node.js command injection attempt
* 1:58985 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58986 <-> SERVER-WEBAPP OneDev Platform AttachmentUploadServet arbitrary Java object deserialization attempt
* 1:58995 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58996 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58997 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:58998 <-> SERVER-WEBAPP Gemtek WVRTM-127ACN command injection attempt
* 1:59003 <-> SERVER-WEBAPP Trend Micro SafeSync for Enterprise SQL injection attempt
* 1:59017 <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center Java expression language injection attempt
* 1:59072 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59073 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59074 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59075 <-> SERVER-WEBAPP D-Link Routers command injection attempt
* 1:59080 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59081 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59082 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData Alarms section SQL injection attempt
* 1:59090 <-> SERVER-WEBAPP Zoho ManageEngine OpManager GetGraphData API SQL injection attempt
* 1:59103 <-> SERVER-WEBAPP October CMS authentication bypass attempt
* 1:59126 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59127 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59128 <-> SERVER-WEBAPP Advantech iView UserServlet SQL injection attempt
* 1:59129 <-> SERVER-WEBAPP VMware vCenter Server file upload attempt
* 1:59236 <-> SERVER-WEBAPP Sitecore XP insecure deserialization attempt
* 1:59246 <-> SERVER-WEBAPP Apache Log4j logging remote code execution attempt
* 1:59292 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59293 <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus SiteLookup.do cross site scripting attempt
* 1:59298 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59299 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59305 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59306 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59307 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59308 <-> SERVER-WEBAPP OCS Inventory NG command injection attempt
* 1:59319 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59320 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59321 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM UpgradeMgmt upload_ota directory traversal attempt
* 1:59323 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59324 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59325 <-> SERVER-WEBAPP Trend Micro Apex One and OfficeScan directory traversal attempt
* 1:59326 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59327 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59328 <-> SERVER-WEBAPP rConfig compliance policies SQL injection attempt
* 1:59329 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59330 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59331 <-> SERVER-WEBAPP rConfig snippets SQL injection attempt
* 1:59355 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59356 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59357 <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt
* 1:59358 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59359 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59360 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager AlertRes_Mtrgrp jsp sid SQL injection attempt
* 1:59361 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59362 <-> SERVER-WEBAPP YouPHPTube checkConfiguration php PHP code injection attempt
* 1:59368 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59369 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59370 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59371 <-> SERVER-WEBAPP GitLab Wiki API Attachments command injection attempt
* 1:59372 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59373 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59374 <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt
* 1:59375 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59376 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59377 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi directory traversal attempt
* 1:59378 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59379 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59380 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59381 <-> SERVER-WEBAPP IPFire Firewall Web Interface backup cgi command injection attempt
* 1:59382 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59383 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59384 <-> SERVER-WEBAPP Zoho ManageEngine Applications Manager Popup_SLA SQL injection attempt
* 1:59385 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59386 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59387 <-> SERVER-WEBAPP Advantech WebAccess NMS download directory traversal attempt
* 1:59388 <-> SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt
* 1:59389 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59390 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59391 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59392 <-> SERVER-WEBAPP Trend Micro Control Manager GetRuleList SQL injection attempt
* 1:59393 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59394 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59395 <-> SERVER-WEBAPP HPE Moonshot Provisioning Manager Appliance directory traversal attempt
* 1:59402 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59403 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59404 <-> SERVER-WEBAPP TimeClock Software 1.01 authenticated time based SQL injection attempt
* 1:59416 <-> SERVER-WEBAPP Java getRuntime remote code execution attempt
* 1:59432 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59433 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59434 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59435 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance Password command injection attempt
* 1:59436 <-> SERVER-WEBAPP Advantech WISE-PaaS RMM SQLMgmt qryData SQL injection attempt
* 1:59443 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59444 <-> SERVER-WEBAPP Trend Micro Interscan MailNotification buffer overflow attempt
* 1:59482 <-> SERVER-WEBAPP Oracle Business Intelligencee BIRemotingServlet deserialization remote code execution attempt
* 1:59483 <-> SERVER-WEBAPP GilaCMS arbitrary php file upload attempt
* 1:59499 <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt
* 1:59514 <-> SERVER-WEBAPP CentOS Web Panel authentication bypass attempt
* 1:59515 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59516 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59517 <-> SERVER-WEBAPP CentOS Web Panel PHP file injection attempt
* 1:59541 <-> SERVER-WEBAPP Harbor Project Harbor admin account creation attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59647 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59648 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59649 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59650 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59652 <-> SERVER-WEBAPP WSO2 multiple products directory traversal attempt
* 1:59804 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59805 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59806 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59807 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59808 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59809 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59810 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59811 <-> SERVER-WEBAPP LG N1A1 NAS command injection attempt
* 1:59812 <-> SERVER-WEBAPP Citrix SD-WAN Appliance SQL injection attempt
* 1:59813 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59814 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59815 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59816 <-> SERVER-WEBAPP Citrix SD-WAN Appliance command injection attempt
* 1:59817 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59818 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59819 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59820 <-> SERVER-WEBAPP Netgear R8500 multiple parameters command injection attempt
* 1:59836 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59837 <-> SERVER-WEBAPP Jenkins Pipeline Groovy plugin Java expression language injection attempt
* 1:59876 <-> SERVER-WEBAPP Apache Solr configset Java expression language injection attempt
* 1:59910 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59911 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59912 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59913 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59914 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59915 <-> SERVER-WEBAPP SonicWall Secure Remote Access SQL injection attempt
* 1:59916 <-> SERVER-WEBAPP Netgear ProSAFE switch debug command execution attempt
* 1:59921 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59922 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59923 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59924 <-> SERVER-WEBAPP Netgear R8500 command injection attempt
* 1:59925 <-> SERVER-WEBAPP Multiple products OGNL expression injection attempt
* 1:59934 <-> SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt
* 1:59939 <-> SERVER-WEBAPP Zyxel Firewall command injection attempt
* 1:59940 <-> SERVER-WEBAPP DotCMS directory traversal attempt
* 1:59951 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59952 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59953 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59954 <-> SERVER-WEBAPP D-Link router command injection attempt
* 1:59959 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59960 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59961 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59962 <-> SERVER-WEBAPP D-Link command injection attempt
* 1:59963 <-> SERVER-WEBAPP FatPipe WARP and VPN arbitrary JSP file upload attempt
* 1:59964 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59965 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59966 <-> SERVER-WEBAPP SonicWall SMA and SRA Appliances directory traversal attempt
* 1:59976 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59977 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:59978 <-> SERVER-WEBAPP Sonic Wall SRA and SMA appliances SQL injection attempt
* 1:60043 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60044 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60045 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60046 <-> SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt
* 1:60062 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60063 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60064 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60065 <-> SERVER-WEBAPP Sonic Wall SRA and SMA command injection attempt
* 1:60073 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60074 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60075 <-> SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt
* 1:60085 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60086 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60087 <-> SERVER-WEBAPP OctoberCMS PHP file injection attempt
* 1:60092 <-> SERVER-WEBAPP Kaseya VSA arbitrary JSP file upload attempt
* 1:60093 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60094 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60095 <-> SERVER-WEBAPP Kaseya VSA SQL injection attempt
* 1:60107 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60108 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60109 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60110 <-> SERVER-WEBAPP QNAP QTS command injection attempt
* 1:60111 <-> SERVER-WEBAPP SAP NetWeaver arbitrary JSP file upload attempt
* 1:60112 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60113 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60114 <-> SERVER-WEBAPP SAP NetWeaver directory traversal attempt
* 1:60121 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60122 <-> SERVER-WEBAPP MiVoice Connect command injection attempt
* 1:60156 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60157 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60158 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60159 <-> SERVER-WEBAPP Tenda Router formPing command injection attempt
* 1:60160 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60161 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60162 <-> SERVER-WEBAPP Joomla Core directory traversal attempt
* 1:60165 <-> SERVER-WEBAPP Zoho ManageEngine NetFlow Analyzer ReportApiHandler compareReport SQL injection attempt
* 1:60167 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60168 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60169 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60170 <-> SERVER-WEBAPP QNAP NAS command injection attempt
* 1:60171 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60172 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60173 <-> SERVER-WEBAPP Moodle LMS SQL injection attempt
* 1:60184 <-> SERVER-WEBAPP Oracle ADF RemoteApplicationResourceLoader potential unsafe deserialization attempt
* 1:60197 <-> SERVER-WEBAPP D-Link SetNTPserverSeting command injection attempt
* 1:60230 <-> SERVER-WEBAPP NETGEAR router remote code execution attempt
* 1:60231 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60232 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-acknerr-request command injection attempt
* 1:60233 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60234 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-refresh-request command injection attempt
* 1:60235 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60236 <-> SERVER-WEBAPP Festo CECC-X-M1 cecc-x-web-viewer-request command injection attempt
* 1:60241 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60242 <-> SERVER-WEBAPP Microsoft Exchange MAPI arbitrary file write attempt
* 1:60256 <-> SERVER-WEBAPP Nexus Repository Manager Java EL Injection RCE attempt
* 1:60257 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60258 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60259 <-> SERVER-WEBAPP Oracle Business Intelligence Enterprise Edition getPreviewImage directory traversal attempt
* 1:60262 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60263 <-> SERVER-WEBAPP WatchGuard Firebox and XTM appliances privilege escalation attempt
* 1:60328 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60329 <-> SERVER-WEBAPP Atlassian Jira Seraph authentication bypass attempt
* 1:60358 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60359 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60360 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60361 <-> SERVER-WEBAPP Apache Spark command injection attempt
* 1:60364 <-> SERVER-WEBAPP AudioCode 400HD command injection attempt
* 1:60403 <-> SERVER-WEBAPP VMware Workspace ONE Access and vRealize Automation authentication bypass attempt
* 1:60418 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60419 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60420 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60421 <-> SERVER-WEBAPP HID Mercury Access Controller command injection attempt
* 1:60434 <-> SERVER-WEBAPP Zimbra directory traversal remote code execution attempt
* 1:60486 <-> SERVER-WEBAPP Microsoft Exchange Server MailboxExport arbitrary file write attempt
* 1:60509 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60510 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60511 <-> SERVER-WEBAPP Grafana authentication bypass attempt
* 1:60559 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60560 <-> SERVER-WEBAPP Atlassian Confluence information disclosure attempt
* 1:60561 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60562 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60563 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60564 <-> SERVER-WEBAPP D-Link DIR-820L command injection attempt
* 1:60565 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60566 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60567 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60568 <-> SERVER-WEBAPP D-Link getcfg value command injection attempt
* 1:60609 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60610 <-> SERVER-WEBAPP D-Link DCS-930L devices OS command injection attempt
* 1:60633 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60635 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60636 <-> SERVER-WEBAPP Cayin Signage Media Player command injection attempt
* 1:60642 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60670 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60671 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60672 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60673 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60674 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60675 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60676 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60677 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60678 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:60679 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60680 <-> SERVER-WEBAPP Advantech iView NetworkServlet command injection attempt
* 1:60697 <-> SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt
* 1:60729 <-> SERVER-WEBAPP vm2 remote code execution attempt
* 1:60784 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60786 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60789 <-> SERVER-WEBAPP GLPI Project external token SQL injection attempt
* 1:60791 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60792 <-> SERVER-WEBAPP GLPI htmlawed php remote code execution attempt
* 1:60793 <-> SERVER-WEBAPP VMware Cloud Foundation NSX Manager XStream remote code execution attempt
* 1:60803 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60804 <-> SERVER-WEBAPP Adobe BlazeDS XML external entity injection attempt
* 1:60840 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60841 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60842 <-> SERVER-WEBAPP Joomla J2Store plugin SQL injection attempt
* 1:60855 <-> SERVER-WEBAPP JXPath remote code execution attempt
* 1:61042 <-> SERVER-WEBAPP Microsoft Exchange Server remote code execution attempt
* 1:61068 <-> SERVER-WEBAPP TIBCO JasperReports reportresource directory traversal attempt
* 1:61081 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61082 <-> SERVER-WEBAPP mojoPortal Forums txtTitle cross site scripting attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61109 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61114 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-WEBAPP Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61117 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61120 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61122 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61123 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61124 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61126 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61127 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-WEBAPP Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61135 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61139 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61141 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61144 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61149 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-WEBAPP Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-WEBAPP Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-WEBAPP Fscan scanner command injection attempt
* 1:61177 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61178 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP webshell access attempt
* 1:61179 <-> SERVER-WEBAPP SugarCRM EmailTemplates PHP file injection attempt
* 1:61180 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61181 <-> SERVER-WEBAPP SugarCRM EmailTemplates authentication bypass attempt
* 1:61194 <-> SERVER-WEBAPP Centos Web Panel 7 unauthenticated command injection attempt
* 1:61418 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61419 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61420 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61421 <-> SERVER-WEBAPP Grandstream GXV31XX unauthenticated command injection attempt
* 1:61451 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61452 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61453 <-> SERVER-WEBAPP Zoho ManageEngine multiple products remote code execution attempt
* 1:61534 <-> SERVER-WEBAPP Avaya Aura Device Services PhoneBackup arbitrary PHP file upload attempt
* 1:61579 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61580 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61581 <-> SERVER-WEBAPP CONTEC CONPROSYS HMI System command injection attempt
* 1:61677 <-> SERVER-WEBAPP PaperCut MF/NG PrintScript sandbox setting modification attempt
* 1:61690 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61691 <-> SERVER-WEBAPP Adobe RoboHelp Server fileName directory traversal attempt
* 1:61698 <-> SERVER-WEBAPP Zoho ManageEngine Network Configuration Manager Ping command injection attempt
* 1:61709 <-> SERVER-WEBAPP TP-Link Archer Router command injection attempt
* 1:61766 <-> SERVER-WEBAPP PaperCut MF/NG remote code execution attempt
* 1:62036 <-> SERVER-WEBAPP LB-Link Multiple BL Routers command injection attempt
* 1:62043 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62044 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62045 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62046 <-> SERVER-WEBAPP Zyxel NAS web interface command injection attempt
* 1:62113 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62114 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62115 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62116 <-> SERVER-WEBAPP GetSimple CMS PHP code injection attempt
* 1:62204 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62205 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62206 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62207 <-> SERVER-WEBAPP Contec CONPROSYS HMI System SQL injection attempt
* 1:62230 <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router ViewLog.asp command injection attempt
* 1:62240 <-> SERVER-WEBAPP Trend Micro Mobile Security for Enterprise directory traversal attempt
* 1:62249 <-> SERVER-WEBAPP Node.js vm2 Proxy sandbox escape attempt
* 1:62346 <-> SERVER-WEBAPP Ivanti Sentry MICSLogService command execution attempt
* 1:62384 <-> SERVER-WEBAPP WordPress wpForo Plugin file inclusion attempt
* 1:62512 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62513 <-> SERVER-WEBAPP Ivanti Avalanche Remote Control Server updateSkin directory traversal attempt
* 1:62520 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62521 <-> SERVER-WEBAPP Adobe ColdFusion improper access control bypass attempt
* 1:62522 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62523 <-> SERVER-WEBAPP VMware Aria Operations for Networks saveFileToDisk directory traversal attempt
* 1:62555 <-> SERVER-WEBAPP Progress WS_FTP Server insecure deserialization attempt
* 1:62629 <-> SERVER-WEBAPP Atlassian Confluence authentication bypass attempt
* 1:62677 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62678 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62679 <-> SERVER-WEBAPP Juniper Junos OS potential information leak attempt
* 1:62695 <-> SERVER-WEBAPP ownCloud Graph API information disclosure attempt
* 1:62758 <-> SERVER-WEBAPP PHPFusion downloads.php command injection attempt
* 1:62761 <-> SERVER-WEBAPP Qlik Sense Enterprise HTTP tunneling attempt
* 1:62776 <-> SERVER-WEBAPP Qlik Sense Enterprise directory traversal attempt
* 1:62789 <-> SERVER-WEBAPP Apache Struts file upload directory traversal attempt
* 1:62828 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62829 <-> SERVER-WEBAPP Oracle Advanced Outbound Telephony ieccampsearchcreate.jsp cross site scripting attempt
* 1:62845 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62846 <-> SERVER-WEBAPP Netgate pfSense command injection attempt
* 1:62851 <-> SERVER-WEBAPP Schneider Electric IIoT Monitor frmUpdateSetting directory traversal attempt
* 1:62886 <-> SERVER-WEBAPP Adobe ColdFusion WDDX Deserialization code execution attempt
* 1:62888 <-> SERVER-WEBAPP Apache Superset unsafe database connection string attempt
* 1:62950 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:62951 <-> SERVER-WEBAPP Ivanti multiple products server side request forgery attempt
* 1:63309 <-> SERVER-WEBAPP Palo Alto Networks Firewall directory traversal attempt
* 1:63310 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63311 <-> SERVER-WEBAPP D-Link multiple NAS devices authentication bypass attempt
* 1:63313 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63314 <-> SERVER-WEBAPP D-Link multiple NAS devices command injection attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63604 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:63855 <-> SERVER-WEBAPP NextGen Healthcare Mirth Connect arbitrary Java object deserialization attempt
* 1:65184 <-> SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt