TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1016
organizations increase Web site and application availability while lowering system administration costs. Microsoft IIS
6.0 and 5.1 versions are vulnerable to this remote code execution attack. The vulnerability is caused due to an
unspecified error within the processing of input to ASP web pages. This issue occurs when the 'HTMLEncodeLen()'
function passes 16-bit Unicode character data with values ranging from 0xd800 to 0xdfff to the 'wcsncpy()' function.
This will cause a pointer value in 'wcsncpy()' to be overwritten with user-controlled data. This can be exploited to
execute arbitrary code with the privileges of the Worker Process Identity (WPI) by passing specially crafted input to an
ASP page. Microsoft has released updates to resolve this issue.
Signature ID: 35848
MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vulnerability
Threat Level: Warning
Signature Description: Mldonkey is a client program for the E-Donkey network. It is configurable to implement the use
of a web-based interface that can listen on an arbitrary port. MLDonkey version 2.9.7 and prior are vulnerable to
arbitrary file disclosure vulnerability. The vulnerability is caused due to the "src/utils/lib/url.ml" script not properly
handling file requests starting with double forward slashes. This can be exploited to access files residing outside the
web root by requesting files with a preceding double forward slash sequence (e.g. "http://host:4080//etc/passwd"). The
vendor has issued a temporary patch to resolve this issue.
Signature ID: 35849
Chilkat FTP ActiveX (SaveLastError) Insecure Method Vulnerability
Threat Level: Severe
Bugtraq: 32333
Signature Description: Chilkat FTP ActiveX is a useful component that helps you download and upload files drom/to a
FTP server. It support FTPS, session logging, resume (restart) FTP uploads and downloads and etc. ChilkatFTP.dll
version 3.0.0.2 is vulnerable to arbitrary file over write vulnerability. This vulnerability occurs when user visits a
malicious web page with out his knowlwdge which contains insecure SaveLastError() method in the Chilkat Socket
ActiveX control. Successful exploits may result in denial-of-service conditions. No remedy is available to resolve this
issue.
Signature ID: 35850
SasCam WebCam Server 2.6.5 ActiveX Remote BOF Vulnerability
Threat Level: Severe
Bugtraq: 33053
Signature Description: SasCAM is Webcam Server for capture live video streaming and broadcast it in the Internet
from your homepage or from your PC. Viewers can see live video streaming in their Web browser. SasCam Webcam
Server 2.6.5 is vulnerable to remote buffer overflow vulnerability. This vulnerability is due to the presents of insecure
Get() method of SasCam WebCam Server ActiveX control. It fails to properly bounds-check user-supplied data before
copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within
the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will
result in denial-of-service conditions. No official patch details are available to resolve this issue but user can set killbit
to the clsid for stopping this vulnerability.
Signature ID: 35901
PowerNews news.php newsid parameter SQL Injection vulnerability
Threat Level: Severe
Bugtraq: 33081
Signature Description: PowerNews is a web-based application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the "newsid" parameter of the "news.php" script. This can
be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability