TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 35837
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass Vulnerability
Threat Level: Warning
Signature Description: The 3Com OfficeConnect Wireless Cable/DSL Router is a high-speed, affordable, and
easy-to-use small office solution that lets wireless and wired PCs and laptops securely share a single broadband
Internet connection. The 3Com OfficeConnect Wireless Cable/DSL Router is vulnerable to an authentication bypass. If
the "Backup Configuration" system tool has been invoked by the administrator, a remote user can invoke the
'SaveCfgFile.cgi' script to obtain the 'config.bin' system configuration file, which contains configuration information,
usernames, passwords, WIFI keys, and other potentially sensitive information. A remote user on the Internet interface
can exploit this flaw if "Remote Administration" has been enabled. No solution was available at the time of this entry.
Signature ID: 35838
ProFTPd with mod_mysql Authentication Bypass Vulnerability
Threat Level: Severe
Industry ID: CVE-2009-0542 Bugtraq: 33722
Signature Description: ProFTPD is configurable GPL-licensed FTP server software for Linux and Unix-based
operating systems. It can be used to configure multiple virtual FTP servers easily, and has chroot capabilities depending
on the underlying filesystem. It can run as a standalone server or as an inetd service, and it works over IPv6. Its design
is modular, which has allowed SSL/TLS encryption, RADIUS, LDAP and SQL extensions to be written as modules. ProFTPD
1.3.2 rc2 is vulnerable to SQL injection. The sql_escapestring function replaces ' with \' to prevent SQL injection.
But if the user enters %' as part of the username, the escape function transforms it to %\' and mod_sql then tries to
substitute %\ as a variable. As %\ is an unknown variable, it gets transformed to {UNKNOWN TAG}', which leaves the
quote intact and allows injection of arbitrary SQL code.
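The ordering problem described in this entry, shown as an added example (a simplified Python model written for this guide, not ProFTPD or mod_sql code). The query template, the function names and the sample usernames are constructed assumptions; only the ' to \' escape and the {UNKNOWN TAG} replacement come from the description above.

```python
import re

# Constructed query template; %U marks where the login name is placed.
TEMPLATE = "SELECT passwd FROM users WHERE userid='%U'"

def sql_escape(value):
    """Toy escape routine: replaces ' with \\' as the entry describes."""
    return value.replace("'", "\\'")

def expand_tags(text, values):
    """Replace every %<char> tag; tags with no value become {UNKNOWN TAG}."""
    return re.sub(r"%(.)", lambda m: values.get(m.group(1), "{UNKNOWN TAG}"),
                  text, flags=re.S)

def build_flawed(username):
    """Splice the escaped name in, then scan the whole string for tags again."""
    spliced = TEMPLATE.replace("%U", sql_escape(username))
    return expand_tags(spliced, {})

def build_single_pass(username):
    """Expand tags over the template only, so user data is never rescanned."""
    return expand_tags(TEMPLATE, {"U": sql_escape(username)})

def unescaped_quotes(query):
    """Count quotes not preceded by a backslash; 2 means the literal is intact."""
    return len(re.findall(r"(?<!\\)'", query))

if __name__ == "__main__":
    for name in ("alice", "%'"):   # constructed inputs; %' is the case in the entry
        for build in (build_flawed, build_single_pass):
            q = build(name)
            print(f"{build.__name__:18} {name!r:8} {unescaped_quotes(q)}  {q}")
```

In the flawed builder the second scan consumes the backslash that was protecting the quote, so the string literal no longer has balanced delimiters; the single-pass builder keeps the escape in place.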
Signature ID: 35839
Google Chrome 'chromeHTML://' Command Line Parameter Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-5750 Bugtraq: 32997
Signature Description: Google Chrome is a web browser developed by Google and based on the WebKit layout engine
and application framework. It was first released as a beta version for Microsoft Windows on September 2, 2008.
Google Chrome version 1.0.154.46 is vulnerable to command line parameter injection. This issue
occurs because the application fails to adequately sanitize user-supplied input. Exploiting this issue would permit
remote attackers to influence command options that can be called through the vulnerable protocol handler and to
execute commands and arbitrary code with the privileges of a user running the application. No remedy is available to
resolve this issue.
Signature ID: 35841
GeoVision LiveX ActiveX Control 'SnapShotToFile()' Arbitrary File Overwrite Vulnerability
Threat Level: Severe
Bugtraq: 33782
Signature Description: The GeoVision GV800 is a piece of remote network security surveillance equipment that offers
high digital video quality and performance for business and home security, with the highest recording frame
rate in the GeoVision product family (120 fps in NTSC, 100 fps in PAL). It also provides 4-channel audio recording.
GeoVision LiveX ActiveX control 7000, 8120, and 8200 are vulnerable to arbitrary file overwrite. An
attacker can exploit this issue to corrupt and overwrite arbitrary files on a victim's computer in the context of the
application using the vulnerable ActiveX control. The issue is caused by the presence of the insecure
SnapShotToFile() method in the GeoVision LiveX ActiveX control. No remedy is available as of 19th February, 2009
to resolve this issue.