TMS zl Module IPS/IDS Signature Quick Reference RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

Development Company, LP.

Threat Management Services zl Module

IPS/IDS Signature Quick Reference

RLX.10.2.2.94

ID Signature Name

Threat

Level

Industry ID

BEA WebLogic URL JSP Request Source

Code Disclosure Vulnerability

Warning Bugtraq: 2527 Nessus: 10715,10949

ColdFusion exprcalc.cfm File Disclosure

Vulnerability

Warning

CVE-1999-0477 CVE-1999-0455 Bugtraq:

115 Nessus: 10001

4 IIS4 ExAir Sample Site DoS Vulnerability Warning CVE-1999-0449 Bugtraq: 193 Nessus: 10002

5 IIS4 ExAir Sample Site DoS Vulnerability Warning

CVE-1999-0449 CVE-1999-0449 Bugtraq:

193 Nessus: 10003,10002

6 IIS4 ExAir Sample Site DoS Vulnerability Warning

CVE-1999-0449 CVE-1999-0449 Bugtraq:

193 Nessus: 10004,10002

Alibaba get32.exe Arbitrary Command

Execution Vulnerability

Severe CVE-1999-0885 Bugtraq: 770 Nessus: 10011

Alibaba.pl CGI Command Execution

Vulnerability

Severe

CVE-1999-0885

CVE-1999-0885 Bugtraq:

770 Nessus: 10013,10011

Alibaba tst.bat CGI Command Execution

Vulnerability

Severe

CVE-1999-0885 Bugtraq: 770 Nessus:

10014,10011

Altavista Intranet Search Directory Traversal

Vulnerability

Warning CVE-2000-0039 Bugtraq: 896 Nessus: 10015

Httpd input2.bat arbitrary command

execution Vulnerability

Warning CVE-1999-0947 Bugtraq: 762 Nessus: 10016

14 Httpd envout.bat cgi vulnerability Warning CVE-1999-0947 Bugtraq: 762 Nessus: 10016

Anacondaclip cgi directory traversal

vulnerability

Severe CVE-2001-0593 Bugtraq: 2512 Nessus: 10644

16 Apache DIR listing cgi vulnerability Warning CVE-2001-0731 Bugtraq: 3009 Nessus: 10704

Apache ASP 1.95 source.asp cgi

vulnerability

Severe CVE-2000-0628 Bugtraq: 1457 Nessus: 10480

Summary of content (220 pages)

PAGE 1
Threat Management Services zl Module IPS/IDS Signature Quick Reference RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1 BEA WebLogic URL JSP Request Source Code Disclosure Vulnerability Warning Bugtraq: 2527 Nessus: 10715,10949 2 ColdFusion exprcalc.
PAGE 2
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 18 Microsoft IIS ASP Alternate Data Streams Source Disclosure Vulnerability Severe CVE-1999-0278 Bugtraq: 149 Nessus: 10362 19 ASP Source Code Disclosure DOT Cgi Vulnerability Severe CVE-1999-0253 CVE-1999-0154 Bugtraq: 1814 Nessus: 10363 20 HIS Software Auktion 1.
PAGE 3
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 69 Excite for Web Servers 1.1 Command Execution Vulnerability Severe CVE-1999-0279 Bugtraq: 2248 Nessus: 10064 70 Faxsurvey cgi vulnerability Warning CVE-1999-0262 Bugtraq: 2056 Nessus: 10067 71 FormHandler cgi vulnerability Warning CVE-1999-1051 CVE-1999-1050 Bugtraq: 799 Nessus: 10075 75 FrontPage 97/98 Htimage.
PAGE 4
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 101 Microsoft IIS/PWS UNICODE Characters Warning Decoding Command Execution Vulnerability CVE-2001-0333 Bugtraq: 2708 Nessus: 10671 102 IIS dot cnf cgi vulnerability Warning CVE-2002-1718 CVE-2002-0241 CVE-20021717 Bugtraq: 4084,4048,4078 Nessus: 10575 104 IIS perl.exe problem Warning CVE-1999-0450 Bugtraq: 194 Nessus: 10120 105 /scripts/repost.
PAGE 5
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 131 MultiHTML File Disclosure Vulnerability Severe CVE-2000-0912 Bugtraq: 6711 Nessus: 10516 132 /book.
PAGE 6
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 157 Perl http Directory Disclosure Vulnerability Warning CVE-2000-0883 Bugtraq: 1678 Nessus: 10511 158 PerlCal Directory Traversal Vulnerability Severe CVE-2001-0463 Bugtraq: 2663 Nessus: 10664 159 Perl interpreter can be launched as a CGI vulnerability Severe CVE-1999-0509 Nessus: 10173 160 WEB-CGI pfdispaly.
PAGE 7
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 182 Sambar webserver pagecount file corruption Warning vulnerability CVE-2001-1010 Bugtraq: 3091,3092 Nessus: 10711 183 Directory listing through Sambar server search.
PAGE 8
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 210 Tomcat's snoop servlet gives too much information vulnerability Warning CVE-2000-0760 Bugtraq: 1532 Nessus: 10478 211 ASP/ASA source using Microsoft Translate: Critical f bug vulnerability CVE-2000-0778 Bugtraq: 1578 Nessus: 10491 212 Tarantella TTAWebTop.
PAGE 9
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 234 Vulnerable WebSite pro can reveal the physical path of web directory Warning CVE-2000-0066 Bugtraq: 932 Nessus: 10303 236 WebSpeed remote configuration vulnerability Warning CVE-2000-0127 Bugtraq: 969 Nessus: 10304 237 Directory Traversal Vulnerabity in webspirs.cgi CVE-2001-0211 Bugtraq: 2362 Nessus: 10616 238 Whois_raw.
PAGE 10
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 264 Lotus Domino Banner Information Disclosure Vulnerability Warning CVE-2002-0245 CVE-2002-0408 CVE-20020245 Bugtraq: 4049 Nessus: 11009 265 IIS 404 error XSS vulnerability Warning CVE-2002-0150 CVE-2002-0148 CVE-20020074 Bugtraq: 4476,4483,4486 Nessus: 10936 266 Attempt to check if IIS server has the .
PAGE 11
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 299 PHP mylog Example Script arbitrary file access vulnerability Warning CVE-1999-0068 Bugtraq: 713 300 IRIX MachineInfo Script vulnerability Warning CVE-1999-1067 301 WinGate Logfile Server Vulnerability Information 304 Convert.
PAGE 12
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 335 BNB survey.cgi CGI arbitrary command execution Vulnerability Warning CVE-1999-0936 Bugtraq: 1817 336 Multiple vulnerabilities in Classifieds.cgi CGI script Warning CVE-1999-0934 CVE-1999-0935 Bugtraq: 2020 337 Counter.exe CGI DoS Vulnerability Severe CVE-1999-1030 Bugtraq: 267 340 Novell files.
PAGE 13
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.
PAGE 14
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 378 Directory.
PAGE 15
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.
PAGE 16
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 433 OpenLink 3.2 Web Config Buffer Overflow Vulnerability Severe CVE-1999-0943 Nessus: 10169 437 IIS ASP Chunked Encoding Heap Buffer Overflow Vulnerability Warning CVE-2002-0079 CVE-2002-0147 CVE-20020149 Bugtraq: 4485,4478,4490 Nessus: 10935 438 IPlanet Webserver .
PAGE 17
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.
PAGE 18
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.
PAGE 19
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 604 WEB-CGI streaming server parse_xml.cgi access vulnerability Information CVE-2003-0054 Bugtraq: 6954 606 BugZilla Post_Bug.CGI Bug Report Spoofing Vulnerability Information CVE-2002-0008 Bugtraq: 3794,3793 607 BugZilla Process_Bug.
PAGE 20
ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 631 WEB-MISC chip.ini access Vulnerability Information CVE-2001-0749 Bugtraq: 2775 633 Lotus Domino Dot File Disclosure Vulnerability Warning 634 WEB-MISC Lotus Notes .pl script source download Vulnerability Information CVE-2003-1408 Bugtraq: 6841 635 WEB-MISC Lotus Notes .csp script source download Vunerability Information CVE-2003-1408 Bugtraq: 6841 637 WEB-MISC iPlanet .

PAGE 21

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 665 HTTP Client - Novarg Worm Warning 668 PHPBB2 Image Tag HTML Injection Vulnerability Warning 669 XSS to steal cookies vulnerability Information 671 A possible attempt to crash IE 6 using code

PAGE 22

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 720 Sun NetDynamics Session ID Hijacking Vulnerability Information CVE-2001-0922 Bugtraq: 3583 Nessus: 11730 721 Nph exploitscanget.cgi access vulnerability Information Bugtraq: 7911,7910,7913 Nessus: 11740 722 AT-admin.

PAGE 23

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 745 Webadmin.dll detection vulnerability Information CVE-2003-0471 CVE-2003-1463 Bugtraq: 7438,8024 Nessus: 11771 746 Sambar Server echo.bat Code Execution Vulnerability Information CVE-2000-0213 Bugtraq: 1002 Nessus: 10246 747 Oracle 9iAS PORTAL_DEMO ORG_CHART Vulnerability Warning 748 Fpcount.

PAGE 24

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 25

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 944 WGet NTLM Username Buffer Overflow Vulnerability Warning CVE-2005-3185 Bugtraq: 15102 945 Xterm command attempt Warning CVE-2007-2797 Bugtraq: 26710 1000 Mozilla JavaScript URL Arbitrary Cookie Access Vulnerability Warning Bugtraq: 5293 1001 Javacript document.

PAGE 26

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 27

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1044 MDaemon form2cgi buffer overflow vulnerability Severe Bugtraq: 9317 1045 Nph-maillist Arbitrary Code Execution vulnerability Warning CVE-2001-0400 Bugtraq: 2563 1046 Oracle reports stack overflow vulnerability Information CVE-2002-0947 Bugtraq: 4848 1047 SGI IRIX infosearch fname Vulnerability Warning CVE-2000-0207 Bugtraq: 1031 1048 SIX-webboard 2.

PAGE 28

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1070 Big Brother bb-hist.sh file browsing vulnerability Warning CVE-1999-1462 Bugtraq: 142 Nessus: 10025 1071 Bb-histlog.sh information disclosure vulnerability Warning CVE-1999-1462 Bugtraq: 142 Nessus: 10025 ,10025 1073 BB4 Technologies Big Brother Directory Traversal Vulnerability Warning CVE-2000-0638 Bugtraq: 1455 Nessus: 10460 1074 Big Brother bb-rep.

PAGE 29

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1093 IBM Net.Data document.d2w Path Disclosure Vulnerability Warning CVE-2000-1110 Bugtraq: 2017 1094 Matt Wright's download.cgi Remote Command Execution Vulnerability Warning CVE-1999-1377 CVE-2002-0749 Bugtraq: 4579 Nessus: 11748 1095 Extropia WebStore Directory Traversal Vulnerability Warning CVE-2000-1005 Bugtraq: 1774 1096 Webmin edit_action.

PAGE 30

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 1114 CGIScript.NET csMailto Hidden Form Field Warning Remote Command Execution Vulnerability CVE-2001-0180 CVE-2002-0749 Bugtraq: 4579 Nessus: 11748 1115 BizDesign ImageFolio.cgi access vulnerability Warning CVE-2002-1334 CVE-2002-0749 Bugtraq: 6265,4579 Nessus: 11748 1120 Ntdll.

PAGE 31

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 1143 WEB-CGI rsh access Vulnerability Information CVE-1999-0509 1144 WEB-CGI rwwwshell.pl access Vulnerability Information 1145 Apache Artificially Long Slash Path Directory Listing and ScriptAlias Source Retrieval Vulnerability Warning CVE-1999-0236 CVE-2001-0925 Bugtraq: 2300,2503 1146 Rod Clark Sendform.

PAGE 32

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 1166 Apple QuickTime/Darwin Streaming Server Warning view_broadcast.cgi Denial of Service Vulnerability 1167 WEB-CGI w3tvars.pm access Vulnerability Information 1168 WEB-CGI wais.pl access Vulnerability Information 1169 WEB-CGI web-map.cgi access Vulnerability Information 1170 WEB-CGI webdist.

PAGE 33

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 34

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 35

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 36

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1264 Niti Telecom Caravan Business Server Remote Directory Traversal Vulnerability Warning CVE-2004-2170 Bugtraq: 9555 1265 Secure Authentication Bypass Vulnerability Warning Bugtraq: 4621 1266 Novell Groupwise Servlet Gateway Default Authentication Vulnerability Warning CVE-2001-1195 Bugtraq: 3697 Nessus: 12122 1267 SmartWin CyberOffice Shopping Cart 2.

PAGE 37

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 38

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1309 ESignal v7 remote buffer overflow Vulnerability Warning Bugtraq: 9978 1310 Mozilla Firefox iframe.contentWindow.focus Severe Deleted Object Reference Vulnerability CVE-2006-1993 Bugtraq: 17671 1311 Basilix Webmail Incorrect File Permissions Vulnerability Warning CVE-2001-1044 Bugtraq: 2198 Nessus: 10601 1312 BulletScript MailList bsml.

PAGE 39

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 40

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1359 Caldera OpenLinux 2.3 rpm_query CGI information disclosure Vulnerability Warning CVE-2000-0192 Bugtraq: 1036 Nessus: 10340 1360 Solaris sadmind Buffer Overflow Vulnerability Information 1361 Check Point Firewall-1 HTTP Parsing Engine URI Schema Format String Vulnerability Warning 1362 SAMBAR Server search.

PAGE 41

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 42

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 43

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 1425 Microsoft Internet Explorer DHTML Object Warning Race Condition Memory Corruption Vulnerability CVE-2005-0553 Bugtraq: 13120 1426 Microsoft Internet Explorer URL Parsing Memory Corruption Vulnerability CVE-2005-0554 Bugtraq: 13123 1427 Working Resources's BadBlue HTTP Server Severe ext.

PAGE 44

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 45

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 1460 Microsoft Internet Explorer InstallEngineCtl Warning SetCifFile Argument Buffer Overflow Vulnerability CVE-2004-0216 Bugtraq: 11366 1461 Microsoft Internet Explorer ShowModalDialog Security Zone Bypass Vulnerability CVE-2004-0549 Bugtraq: 10472,10473 1462 RealNetworks RealOnePlayer and RealPlayer Warning PNen3260.

PAGE 46

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 47

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1542 RealPlayer IERPPLUG.DLL ActiveX Control Remote Denial of Service Vulnerability(2) Warning CVE-2006-6847 Bugtraq: 21802 1543 Microsoft Internet Explorer DXImageTransform.Microsoft.Light ActiveX Arbitrary Code Execution Vulnerability(1) Warning CVE-2006-2383 Bugtraq: 18303 1544 Microsoft Internet Explorer DXImageTransform.Microsoft.

PAGE 48

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 49

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 1723 NewsPro administration unauthorized authentication vulnerability Information CVE-2002-1734 Bugtraq: 4672 1724 Microsoft Windows SAM file access vulnerability Information 1725 Microsoft SQL Server SQLXML contenttype Information CVE-2002-0186 Bugtraq: 5004 Buffer Overflow Vulnerability 1726 SmarterTools SmarterMail frmCompose.

PAGE 50

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1746 Microsoft IIS Form_VBScript.asp XSS Vulnerability Severe CVE-2000-1104 CVE-2000-0746 Bugtraq: 1595,1594 Nessus: 10572 1747 WEB-Microsoft IIS FTP del attempt Vulnerability Severe CVE-1999-0777 Bugtraq: 658 1748 Microsoft Front Page file doctodep.

PAGE 51

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 1775 Microsoft Site Server 2.0 with IIS 4.0 uploadn.asp file access Vulnerability Information CVE-1999-0360 Bugtraq: 1811 1776 Microsoft Internet Information Server 'users.xml' file access Vulnerability Information 1777 Microsoft Windows 2000 Resource Kit Severe W3Who.

PAGE 52

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 53

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 1837 WEB-PHP Advanced Poll admin_settings.php access Vulnerability Information CVE-2003-1180 Bugtraq: 8890 Nessus: 11487 1838 WEB-PHP Advanced Poll admin_stats.php access Vulnerability Information CVE-2003-1180 Bugtraq: 8890 Nessus: 11487 1839 WEB-PHP Advanced Poll admin_templates.

PAGE 54

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1860 WEB-PHP Invision Board ipchat.php file include Vulnerability Warning CVE-2003-1385 Bugtraq: 6976 1861 WEB-PHP MatrikzGB privilege escalation Vulnerability Information Bugtraq: 8430 1862 WEB-PHP Messagerie supp_membre.php access Vulnerability Information Bugtraq: 4635 1863 WEB-PHP Opt-X header.

PAGE 55

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 1881 WEB-PHP PhpGedView functions.php base Information CVE-2004-0030 Bugtraq: 9368 Nessus: 11982 directory manipulation Vulnerability 1882 WEB-PHP PhpGedView search.php access Vulnerability Information CVE-2004-0032 Bugtraq: 9369 Nessus: 11982 1883 WEB-PHP MediaWiki Setup.

PAGE 56

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1904 WEB-PHP VBPortal friends.php access Vulnerability Warning Bugtraq: 9088 1905 WEB-PHP gallery remote file include Vulnerability Warning CVE-2003-1227 Bugtraq: 8814 Nessus: 11876 1906 WEB-PHP myPHPNuke chatheader.php Cross site scripting Vulnerability Warning Bugtraq: 6544 1907 WEB-PHP myPHPNuke partner.

PAGE 57

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1927 WEB-FRONTPAGE administrators.pwd access Vulnerability Warning Bugtraq: 1205 1928 WEB-FRONTPAGE author.exe access Vulnerability Warning Bugtraq: 2144 1929 WEB-FRONTPAGE cfgwiz.exe access vulnerability Warning 1930 WEB-FRONTPAGE contents.

PAGE 58

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 1948 WEB-FRONTPAGE svcacl.cnf access Vulnerability Warning CVE-2002-1717 Bugtraq: 4078 Nessus: 10575 1949 WEB-FRONTPAGE users.pwd access Vulnerability Warning 1950 WEB-FRONTPAGE writeto.cnf access Vulnerability Warning CVE-2002-1717 Bugtraq: 4078 Nessus: 10575 1951 WEB-PHP Marcus Xenakis directory.

PAGE 59

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 2022 Sendmail 8.6.11 Denial of Service Vulnerability Information 2023 Sendmail 8.6.12 Denial of Service Vulnerability Information 2024 Sendmail (8.7.5) GECOS field buffer overflow check Information CVE-1999-0131 2025 Sendmail (8.8.0/8.8.1) MIME buffer overflow check with version 8.8.0 Information CVE-1999-0206 2026 Sendmail (8.8.0/8.8.1) MIME buffer overflow check with version of 8.

PAGE 60

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 2061 VIRUS OUTBOUND .chm file attachment Information 2062 VIRUS OUTBOUND .

PAGE 61

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 62

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 2235 SMTP sendmail 8.6.

PAGE 63

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 2999 Smtp Data has more than maximum configured number of Boundarys.

PAGE 64

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 65

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 3097 Bugs Backdoor for Windows 9x and NT Severe 3098 Backdoor Coma detection Warning 3099 Cow Backdoor for Windows 9x detection Warning 3100 Backdoor DeltaSource for Windows Severe 3101 Doly Backdoor for Windows detection Severe 3102 Fore Backdoor For Windows 9x Information 3103 Backdoor Frenzy 1.0.

PAGE 66

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 3134 BACKDOOR DeepThroat 3.1 Connection attempt Information 3135 BACKDOOR DeepThroat 3.1 Connection attempt Port 3150 Information 3136 BACKDOOR DeepThroat 3.1 Connection attempt Port 4120 Information 3137 BACKDOOR DeepThroat 3.1 Server Response Port 3150 Severe 3138 BACKDOOR DeepThroat 3.1 Server Response Port 4120 SEVERE 3139 BACKDOOR Doly 1.

PAGE 67

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 3164 BACKDOOR trinity connection Severe 3165 BACKDOOR w00w00 attempt Severe 3166 BACKDOOR win-trin00 connection Severe 3167 BACKDOOR BackConstruction 2.1 Client FTP Open Request Severe 3168 BACKDOOR BackOrifice 2000 Inbound Traffic Severe 3169 Backdoor Insane Network 4.0 connection established Severe 3170 BACKDOOR Insane Network 4.

PAGE 68

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 69

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 3239 Backdoor Michal 5.00 Critical 3240 Backdoor Network Terrorist 1.31 Severe 3241 Backdoor PC Invader 1.0 Severe 3242 Backdoor SubSeven 2.1 Critical 3243 Backdoor Trojan Spirit 2001 1.2 Severe 3244 Backdoor X-zt00 1.0 Severe 3245 Backdoor The Thing 1.1 Severe 3246 Backdoor AcidDrop 1.0 Severe 3247 Backdoor Amitis 1.4.3 Severe 3248 Backdoor Assassin 1.

PAGE 70

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 3281 Backdoor Latinus 1.2 Critical 3282 Backdoor Latinus 1.3 Critical 3283 Backdoor Latinus 1.4 Critical 3284 Backdoor Le guardien Critical 3285 Backdoor Phoenix 1.28/2.0 Critical 3286 Backdoor Pitfall Critical 3287 Backdoor Prayer 1.2/1.3 Severe 3288 Backdoor Priority Critical 3289 Backdoor Private port 1.0 Critical 3290 Backdoor Project next 0.5.

PAGE 71

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 3319 Backdoor War Trojan Severe 3320 Backdoor WinCrash 1.03 Severe 3321 Backdoor Windows Mite 1.0 Critical 3323 Xanadu Backdoor detection Critical 3324 Backdoor Xanadu 1.11 Critical 3325 Backdoor Xlog 2.2 Critical 3326 Backdoor Y3K RAT 1.1/1.4 Critical 3327 Backdoor Y3K RAT 1.1/1.4 Critical 3328 Backdoor YAT 3.01 Critical 3329 Backdoor BlackCore 2.

PAGE 72

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 3403 BackDoor DFch Grisch 0.1 beta 1 Critical 3404 Backdoor Duddie Severe 3405 Backdoor Maverick's Matrix Warning 3406 Backdoor Meet The Lamer 1.0 Critical 3407 Backdoor Net Devil Severe 3408 Backdoor One 0.1 Severe 3409 Backdoor One 0.1 (2) or Transcout Severe 3410 Backdoor R0xr4t 1.

PAGE 73

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 74

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 75

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 76

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 77

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 78

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 6081 FTP STAT command directory traversal Vulnerability Information 6082 AIX ftpd CEL Command Buffer Overflow Vulnerability Information CVE-1999-0789 Bugtraq: 679 Nessus: 10009 6083 FTP Pub scanning using Omega Scanner. Information 6084 FTP Pub scanning using Grim's Ping tool.

PAGE 79

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 80

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 81

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 82

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 9007 OpenSSH 2.3.1 authentication bypass vulnerability Warning Bugtraq: 2356 Nessus: 10608 9008 Rwhois format string attack Warning CVE-2001-0838 Bugtraq: 3474 Nessus: 10790 9009 Access on Vulnerable rwhois port Information Nessus: 10804 9010 Access to Vulnerable SSH 3.0.

PAGE 83

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 84

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 85

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 86

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 87

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 88

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 89

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 90

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 91

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 92

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 93

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 94

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 95

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 96

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 97

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 98

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 99

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 100

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 101

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 102

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 103

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 16036 Ypbind service vulnerability Information CVE-1999-0312 Bugtraq: 52 Nessus: 10241,10244 16037 Yppasswd service vulnerability Information Nessus: 10242,11021,10684 16038 Ypupdated service vulnerability Warning CVE-1999-0208 Bugtraq: 1749 Nessus: 10243 16042 SnmpXdmid buffer overflow UDP Severe CVE-2001-0236 Bugtraq: 2417 Nessus: 10659 16044 Rpc.

PAGE 104

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 105

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 16105 Rpc_cmsd Vulnerability Information CVE-1999-0320 CVE-2002-0391 CVE-19990696 Bugtraq: 428 Nessus: 10213 16107 Etherstatd service Vulnerability Information CVE-1999-0530 Nessus: 10215 16108 Fam service access Warning 16109 Keyserv service access Information Nessus: 10217 16110 Llockmgr service access Information Nessus: 10218 16111 "rpc.

PAGE 106

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 107

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 108

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 16246 RPC Tooltalk Service Overflow Vulnerability Severe CVE-1999-0003 Bugtraq: 122 16247 RPC ToolTalk Service Overflow Vulnerability Severe CVE-1999-0003 Bugtraq: 122 16248 Rpc.yppasswdd new password overflow attempt TCP Severe CVE-2001-0779 16249 Rpc.yppasswdd old password overflow attempt TCP Severe CVE-2001-0779 16250 Rpc.

PAGE 109

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 110

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 111

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 112

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 113

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 114

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 115

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 116

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 117

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 118

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 119

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 120

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 24951 Possible UDP DNS Buffer Overflow Vulnerability Critical 24952 Mismatch of DNS Query & Reponse IDs Information 24953 DNS message integrity check for invalid DNS operation Flag Critical 24954 DNS message integrity check for abnormal domain name length. Critical 24955 DNS message integrity check for abnormal label length.

PAGE 121

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 122

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 123

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 124

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 125

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 28108 Activity Related to Spyware Site SpySheriff.com Vulnerability Warning 28109 Activity Related to Spyware Site spywarestormer.com Vulnerability Warning 28110 Activity Related to Spyware Site spywarestormer.

PAGE 126

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 29030 Worm Zafi.D (By Filename) Information 29031 Worm Zafi.D (By Filename) Information 29033 Worm Zafi.D (SMTP Outgoing/Incoming .zip format) Information 29035 Worm Zafi.D (SMTP Outgoing/Incoming .cmd, .com, .pif, .

PAGE 127

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 29070 Worm Bagle.I Vulnerability Information 29071 Worm Bagle.I Information 29072 Worm Bagle.I Information 29073 Worm Bagle.Z Vulnerability Information 29074 Worm Bagle.dldr Vulnerability Information 29075 Worm Bagle.BO Information 29077 Worm Bagle.BQ Information 29079 Worm Bagle.CC Information 29080 Worm Bagle.CC Information 29081 Worm Bagle.

PAGE 128

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 29113 Worm Maslan.C Information 29116 Worm MyDoom.AH Information CVE-2004-1050 Bugtraq: 11515 29117 Worm MyDoom.AH Information CVE-2004-1050 Bugtraq: 11515 29118 Worm MyDoom.AH Information CVE-2004-1050 Bugtraq: 11515 29120 Worm MyDoom.AH Information CVE-2004-1050 Bugtraq: 11515 29125 Worm MyDoom.I Information 29126 Worm MyDoom.I Information 29127 Worm MyDoom/MIMAIL.

PAGE 129

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 29163 Worm Netsky.Z Information 29164 Worm Netsky.Z Information 29165 Worm NetSky.P Information CVE-2001-0154 Bugtraq: 2524 29166 Worm NetSky.P Information CVE-2001-0154 Bugtraq: 2524 29167 Worm NetSky.P Information CVE-2001-0154 Bugtraq: 2524 29168 Worm NetSky.P Information CVE-2001-0154 Bugtraq: 2524 29169 Worm Novarg.

PAGE 130

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 29203 Trojan Orderjack Warning 29204 Trojan PWS-LDPinch Warning 29205 Trojan PWS Banker.B Warning 29206 Trojan PassSickle Warning 29207 Trojan Ranck-CX Warning 29208 Trojan Sicklebot Warning 29209 Trojan ICMP Tunnel Warning 29210 Trojan Torpig-R Warning 29211 Trojan Torpig-R Warning 29212 Trojan W32Agent.dsi Vulnerability Warning 29213 Trojan W32Agent.

PAGE 131

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 132

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 133

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 134

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30069 Oracle Reports Server desname Parameter File Overwrite Vulnerability Warning CVE-2005-2371 Bugtraq: 14309 30070 Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability Warning CVE-2006-4704 Bugtraq: 20843 30071 Microsoft Visual Studio WmiScriptUtils.

PAGE 135

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 136

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 137

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30300 VNC Client Long Reason String Buffer Overflow Vulnerability Severe CVE-2006-1652 CVE-2001-0167 Bugtraq: 17378,2305 30301 Nessus SCANCTRL.ScanCtrlCtrl.1 ActiveX Severe Control Directory Traversal Vulnerability CVE-2007-4031 CVE-2007-4061 CVE-20074062 Bugtraq: 25088 30302 Yahoo! Widgets Engine YDPCTL.

PAGE 138

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30318 SquirrelMail G/PGP Plug-in gpg_help.

PAGE 139

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30333 Hewlett-Packard OpenView Operations OVTrace Service Buffer Overflow Vulnerability Warning CVE-2007-3872 Bugtraq: 25255 30334 Symantec Norton Products NAVCOMUI.DLL ActiveX Control Remote Severe Code Execution Vulnerability CVE-2007-2955 Bugtraq: 24983 30335 Symantec Norton Products NAVCOMUI.

PAGE 140

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 30347 Microsoft XML Core Services XMLDOM/OLE Automation SubstringData Warning Method Integer Overflow Vulnerability CVE-2007-2223 CVE-2007-2224 Bugtraq: 25282,25301 30348 Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability Severe CVE-2007-2216 Bugtraq: 25289 30349 Microsoft Visual Basic 6 TBLinf32.

PAGE 141

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30361 MS Visual Basic 6 pdwizard.ocx ActiveX Control Remote Code Execution Vulnerability Severe CVE-2007-3041 Bugtraq: 25295 30362 MS Visual Basic 6 pdwizard.ocx ActiveX Control Remote Code Execution Vulnerability Severe CVE-2007-3041 Bugtraq: 25295 30363 MS Visual Basic 6 pdwizard.

PAGE 142

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30379 Oracle JInitiator beans.ocx ActiveX control Buffer Overflow Vulnerability Severe CVE-2007-4467 Bugtraq: 25473 30380 Oracle JInitiator beans.ocx ActiveX control Buffer Overflow Vulnerability Severe CVE-2007-4467 Bugtraq: 25473 30381 Oracle JInitiator beans.

PAGE 143

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30399 Oracle JInitiator beans.ocx ActiveX control Buffer Overflow Vulnerability Severe CVE-2007-4467 Bugtraq: 25473 30400 Oracle JInitiator beans.ocx ActiveX control Buffer Overflow Vulnerability Severe CVE-2007-4467 Bugtraq: 25473 30401 Oracle JInitiator beans.

PAGE 144

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 30419 Yahoo Messenger YVerInfo.

PAGE 145

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 146

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 147

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 148

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 32268 Microsoft Visual Studio 6.0 PDWizard Warning (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary Command Execution vulnerability CVE-2007-4891 Bugtraq: 25638 32269 Microsoft Visual Studio 6.0 PDWizard Warning (PDWizard.ocx <= 6.0.0.9782) Remote Arbitrary Command Execution vulnerability CVE-2007-4891 Bugtraq: 25638 32270 Microsoft Visual Studio 6.0 PDWizard Warning (PDWizard.ocx <= 6.0.0.

PAGE 149

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 32606 HTTP McAfee SecurityCenter Subscription Manager Buffer Overflow Severe CVE-2007-2584 Bugtraq: 23888,23909 32607 HTTP Microsoft Outlook ole32.dll ActiveX DoS Severe CVE-2006-6659 Bugtraq: 21649 32608 HTTP RealPlayer IERPPLUG.

PAGE 150

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 32627 HTTP RealPlayer ActiveX Control (rpau3260.

PAGE 151

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 152

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 32683 HTTP Windows MHTML URI Buffer Overflow (MS06-043) Severe CVE-2006-2766 Bugtraq: 18198 Nessus: 22185 32684 HTTP Adobe Acrobat UXSS in FDF Severe CVE-2007-0045 CVE-2007-0044 Bugtraq: 21858 32685 HTTP Winamp Malformed Playlist File Handling Buffer Overflow Severe CVE-2006-0476 Bugtraq: 16410 32686 Novell Groupwise WebAccess GWINTER.

PAGE 153

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name Industry ID 32707 Microsoft Windows Media Player MIDI File Severe Format DoS 32708 HTTP Windows Shell User Logon ActiveX Vulnerability S Severe 32709 WinZip FileView ActiveX Control Unsafe Method Exposure Severe 32710 HTTP Zenturi ProgramChecker ActiveX Fill Severe Method OverFlow 32711 FTP acFTP 1.5 PBSZ Denial of Service Severe 32712 HTTP MS IE chtskdic.

PAGE 154

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 32768 HTTP MS Excel NULL Pointer Dereference Warning DoS POC_2 CVE-2007-3029 Bugtraq: 22555 32780 Microsoft ASP.NET URI Canonicalization Unauthorized Web Access vulnerability CVE-2004-0847 Bugtraq: 11342 32782 Microsoft .

PAGE 155

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 156

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 157

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 158

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34130 InstantForum.NET Logon.aspx XSS Vulnerability Warning CVE-2007-0302 Bugtraq: 22052 34131 InstantForum.NET Members1.aspx XSS Vulnerability Warning CVE-2007-0302 Bugtraq: 22052 34132 MiNTHaberSistemi duyuru.asp SQLInjection Warning vulnerability CVE-2007-0304 Bugtraq: 22030 34133 MiNTHaberSistemi duyuru.

PAGE 159

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34154 HPMQC SPIDERLib ActiveX Control Buffer Overflow Vulnerability. Severe CVE-2007-1819 Bugtraq: 23239 34155 HPMQC SPIDERLib ActiveX Control Buffer Overflow Vulnerability.

PAGE 160

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 34266 Internet Explorer Daxctle.OCX KeyFrame Severe Method Heap Buffer Overflow Vulnerability CVE-2006-4777 Bugtraq: 20047 34268 Internet Explorer Daxctle.OCX KeyFrame Warning Method Heap Buffer Overflow Vulnerability CVE-2006-4777 Bugtraq: 20047 34269 Internet Explorer Daxctle.

PAGE 161

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34336 CA BrightStor ARCserve Backup LGSERVER.EXE buffer overflow vulnerability Severe CVE-2007-0449 Bugtraq: 22340,22342 34337 CA BrightStor ARCserve Backup LGSERVER.

PAGE 162

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 34388 Asterisk SIP T.

PAGE 163

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34458 Computer Associates Multiple Products HTTP Request Buffer Overflow Warning CVE-2005-3190 Bugtraq: 15025 34459 Microsoft Office Web Components MSOWC.DLL ActiveX Control Buffer Overflow Warning CVE-2006-4695 Bugtraq: 28135 34460 Microsoft Office Web Components MSOWC.

PAGE 164

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 165

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 166

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 167

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 168

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 34577 MySpace Uploader "MySpaceUploader.ocx" Severe ActiveX Control Buffer Overflow CVE-CVE-2008-0660 Bugtraq: 27533 34578 MySpace Uploader "MySpaceUploader.ocx" Severe ActiveX Control Buffer Overflow CVE-CVE-2008-0660 Bugtraq: 27533 34579 MySpace Uploader "MySpaceUploader.

PAGE 169

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34592 Aurigma Image Uploader 'ImageUploader4.ocx' ActiveX Control Buffer Overflow Vulnerability Severe CVE-CVE-2008-0660 Bugtraq: 27539 34593 Yahoo! Music Jukebox 'mediagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability Severe CVE-CVE-2008-0625 Bugtraq: 27578 34594 Yahoo! Music Jukebox 'mediagrid.

PAGE 170

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34703 SwiftView ActiveX Control and Browser Plugin Stack Buffer Overflow Vulnerability Severe CVE-CVE-2007-5602 Bugtraq: 27527 34704 Macromedia Flash Flash8b.OCX ActiveX Control Denial of Service Vulnerability Warning CVE-CVE-2006-6827 Bugtraq: 21818 34705 Macromedia Flash Flash8b.

PAGE 171

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 172

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 34759 McAfee Security Center MCINSCTL.DLL Warning ActiveX Control File Overwrite vulnerability CVE-2005-3657 Bugtraq: 15986 34760 McAfee Security Center MCINSCTL.DLL Severe ActiveX Control File Overwrite vulnerability CVE-2005-3657 Bugtraq: 15986 34761 McAfee Security Center MCINSCTL.

PAGE 173

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 174

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34809 Apple QuickTime QTPlugin.ocx ActiveX Control Multiple Methods Buffer Overflow Vulnerability Severe CVE-2008-0778 Bugtraq: 27769 34810 Apple QuickTime QTPlugin.

PAGE 175

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 176

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 177

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 178

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 34910 Squid ASN.

PAGE 179

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 180

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 181

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 35060 Microsoft Visual Studio Crystal Reports RPT Severe File Handling Code Execution CVE-2006-6133 Bugtraq: 21261 35061 Microsoft Internet Explorer Address Bar Spoofing Vulnerability CVE-2006-1626 Bugtraq: 17404 35062 Microsoft Visual FoxPro 'vfp6r.

PAGE 182

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 183

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 184

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 185

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 186

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 187

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 188

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 189

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 35272 Dana IRC Remote Buffer Overflow Vulnerability Severe CVE-2008-2922 Bugtraq: 29724 35273 Anata CMS 1.0b5 Arbitrary Add-Admin Vulnerability Severe 35274 P2P Foxy Out of memory Exploit Severe 35275 Asterisk "pedantic" SIP Processing Denial of Warning Service CVE-2008-2119 35276 Black Ice Barcode SDK BIDIB.

PAGE 190

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 35292 Black Ice 'BiAnno.ocx' Annotation SDK ActiveX Control Remote Buffer Overflow Vulnerability Warning CVE-2008-2745 Bugtraq: 29635 35293 Black Ice 'BiAnno.ocx' Annotation SDK ActiveX Control Remote Buffer Overflow Vulnerability Severe CVE-2008-2745 Bugtraq: 29635 35294 Black Ice 'BiAnno.

PAGE 191

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 192

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 193

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 194

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 195

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 196

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 197

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 35486 Cisco Webex Meeting Manager 'atucfobj.dll' Warning ActiveX Control Remote Buffer Overflow Vulnerability CVE-2008-3558 Bugtraq: 30578 35487 Cisco Webex Meeting Manager 'atucfobj.

PAGE 198

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 35505 RealNetworks RealPlayer rmoc3260.dll ActiveX Control Memory Corruption Severe CVE-CVE-2008-1309 Bugtraq: 28157 35506 RealNetworks RealPlayer rmoc3260.dll ActiveX Control Memory Corruption Severe CVE-CVE-2008-1309 Bugtraq: 28157 35507 RealNetworks RealPlayer rmoc3260.

PAGE 199

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 35540 DB Software Laboratory VImpX.ocx Severe ActiveX Control Multiple Insecure Methods CVE-2008-4749 Bugtraq: 31907 35541 DB Software Laboratory VImpX.ocx Warning ActiveX Control Multiple Insecure Methods CVE-2008-4749 Bugtraq: 31907 35542 DB Software Laboratory VImpX.ocx Severe ActiveX Control Multiple Insecure Methods CVE-2008-4749 Bugtraq: 31907 35543 DB Software Laboratory VImpX.

PAGE 200

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 201

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 Threat Level ID Signature Name 35576 ImageShack Toolbar ImageShackToolbar.dll Severe ActiveX Control Insecure Method Vulnerability CVE-2008-4549 Bugtraq: 27439 35577 ImageShack Toolbar ImageShackToolbar.dll Warning ActiveX Control Insecure Method Vulnerability CVE-2008-4549 Bugtraq: 27439 35578 Microsoft Internet Explorer ADODB.

PAGE 202

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 35602 Yahoo Messenger 8.1 ActiveX Remote Denial of Service Attack Severe CVE-2007-6228 Bugtraq: 26656 35603 Yahoo Messenger 8.1 ActiveX Remote Denial of Service Attack Severe CVE-2007-6228 Bugtraq: 26656 35604 Yahoo Messenger 8.1 ActiveX Remote Denial of Service Attack Warning CVE-2007-6228 Bugtraq: 26656 35605 Yahoo Messenger 8.

PAGE 203

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 35621 HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities Severe 35622 HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities Severe 35623 HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities Severe 35624 NCTsoft AudFile.

PAGE 204

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 35637 Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Insecure Methods Vulnerability Severe CVE-2007-3883 Bugtraq: 24959 35638 Data Dynamics ActiveBar Actbar3.

PAGE 205

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 35655 Friendly Technologies fwRemoteCfg.dll ActiveX Remote Buffer Overflow Vulnerability Severe 35656 Google Chrome Browser 0.2.149.27 Automatic File Download Exploit Warning 35657 Google Chrome Browser 0.2.149.27 denial of Severe service attack 35658 Google Chrome Browser 0.2.149.

PAGE 206

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 207

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 35692 Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Vulnerability Severe 35693 Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Vulnerability Severe 35694 Chilkat Socket activex 2.3.1.1 Remote Arbitrary File Creation Vulnerability Severe 35695 Chilkat Socket activex 2.3.1.

PAGE 208

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 35812 MW6 Barcode ActiveX (Barcode.dll) Insecure Method Vulnerability Warning CVE-2008-4924 Bugtraq: 31979 35813 MW6 Barcode ActiveX (Barcode.dll) Insecure Method Vulnerability Warning CVE-2008-4924 Bugtraq: 31979 35814 MW6 DataMatrix ActiveX (DataMatrix.dll) Insecure Method Vulnerability Warning CVE-2008-4925 Bugtraq: 31980 35815 MW6 DataMatrix ActiveX (DataMatrix.

PAGE 209

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 35832 PowerPoint Viewer OCX 3.1 Remote File Execution Vulnerability Warning CVE-2007-2494 Bugtraq: 23733,33243 35834 TeamSpeak 'help' Command Directory Traversal Vulnerability Severe Bugtraq: 33256 35835 Web on Windows 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability Severe CVE-2009-0389 Bugtraq: 33515 35836 ZeroShell 1.

PAGE 210

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 35905 Trojan Asprox Form Submission to C&C servers Severe 35906 MS09-002 Exploit in the Wild ActiveX MSWord Vulnerability Warning CVE-2009-0075 35907 MS09-002 Exploit in the Wild ActiveX MSWord Vulnerability Severe CVE-2009-0075 35908 MS09-002 Exploit in the Wild ActiveX MSWord Vulnerability Warning CVE-2009-0075 35909 TROJAN AdWare.Win32.

PAGE 211

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 212

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level Industry ID 36416 MW6 Barcode ActiveX (Barcode.dll) Reamote Heap Overflow Warning CVE-2009-0298 Bugtraq: 33451 36417 MW6 Barcode ActiveX (Barcode.dll) Reamote Heap Overflow Severe CVE-2009-0298 Bugtraq: 33451 36418 MW6 Barcode ActiveX (Barcode.dll) Reamote Heap Overflow Severe CVE-2009-0298 Bugtraq: 33451 36419 MW6 Barcode ActiveX (Barcode.

PAGE 213

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 214

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.

PAGE 215

ProCurve TMS zl Module IPS/IDS Signature Quick Reference Version RLX.10.2.2.94 ID Signature Name Threat Level 37051 SQL Injection With AND Warning 38000 Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit Severe CVE-2007-4218 Bugtraq: 25395 38001 Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit Severe CVE-2007-4218 Bugtraq: 25395 38002 Trend Micro ServerProtect Spntsvc.