A DNS reply from AnyDesk (remote control tool) was made from the internal network to the internet.
Traffic of LLMNR was detected. LLMNR (Link-Local Multicast Name Resolution) is a protocol used in modern Windows operating systems (starting from Windows Vista and later) to resolve the names of neighboring computers on the same local network (link-local) when traditional DNS (Domain Name System) resolution fails
This alert is triggered when detecting an attempt to exploit CVE-2013-2068 a directory traversal vulnerability in the Red Hat CloudForm agent controller. Red Hat CloudForms is a hybrid cloud management platform. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.
This alert is triggered when detecting an attempt to exploit CVE-2013- 6955 a remote command execution vulnerability in Synology DiskStation Manager. The Synology DiskStation Manager is an operating system used by Synology's NAS devices. This rule is particularly looking for signs of an attacker attempting to exploit the 'SLICEUPLOAD' feature by specifying the 'imageSelector.cgi' endpoint and a specific header, potentially aiming to execute malicious commands.
This alert is triggered when detecting an attempt to exploit CVE-2013-6810 a directory traversal vulnerability in EMC Connectrix Manager. EMC Connectrix Manager is an application used to manage storage infrastructure. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.
This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for signs of an attacker trying to manipulate the fileUpload URI and upload files to unintended directories, potentially aiming to overwrite system files or place malicious scripts on the server.
This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for signs of an attacker trying to manipulate the fileUpload URI and upload files to unintended directories, potentially aiming to overwrite system files or place malicious scripts on the server.
This alert is triggered when detecting an attempt to exploit CVE-2013-2068 a directory traversal vulnerability in the Red Hat CloudForm agent controller. Red Hat CloudForms is a hybrid cloud management platform. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.
This alert is triggered when detecting an attempt to exploit a directory traversal vulnerability in Zimbra Collaboration Suite, to potentially extract sensitive configuration details. Zimbra Collaboration Suite is an open-source email, calendaring, and collaboration software. This rule is particularly looking for requests aimed at retrieving the localconfig.xml file by exploiting a path traversal vulnerability. This XML file can potentially contain sensitive configuration details.
This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM) The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for requests aimed to manipulate the 'chartid' parameter to gain unauthorized access to files and directories outside the intended path.