ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
requires that "magic_quotes_gpc" is disabled. PHP is prone to a security-bypass weakness. Attackers can use this issue
to bypass security checks in PHP applications that rely on the Magic Quotes functionality. This opens such applications
up to potential attacks that take advantage of the software's failure to properly sanitize user input. This vulnerability is
confirmed in version 2.5.4. Other versions may also be affected.
Signature ID: 35902
Pligg check_url.php url parameter SQL Injection vulnerability
Threat Level: Severe
Bugtraq: 32970
Signature Description: Pligg is an open source Content Management System (CMS) that can be downloaded and used for
free. Pligg CMS provides social networking software that encourages visitors to register on a website so that they
can submit content and connect with other users. The Pligg content management system is used to start your own social
networking community. It is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
data before using it in an SQL query. The vulnerability is present in the unfiltered 'url' parameter of 'evb/check_url.php';
exploitation uses MySQL's CHAR() function to convert a shell to allowed characters. Exploiting this issue could allow a
remote attacker to compromise the application, access or modify the data, or exploit the vulnerabilities in the
underlying database. Pligg 9.9.5b is vulnerable; other versions may also be affected.
Signature ID: 35903
Pixel8 Web Photo Album "AlbumID" SQL Injection Vulnerability
Threat Level: Severe
Bugtraq: 33069
Signature Description: Pixel8 is an ASP photo album designed for sharing digital photographs online by installing it
on your web server. It includes the ability to change the color scheme and create unlimited albums. Other key features
include database backup, an automatic thumbnailer, a hit counter, password-protected albums, next photo preview, creating
and editing users, blocking users, a usage summary, and different access levels. It contains a vulnerability that may allow
an attacker to perform an SQL injection attack. The issue arises because input passed to the "AlbumID" parameter in
Photo.asp is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code. The vulnerability is reported in version 3.0. Other versions may also be affected.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit
vulnerabilities in the underlying database.
Signature ID: 35905
Trojan Asprox Form Submission to C&C servers
Threat Level: Severe
Signature Description: Asprox is a dangerous Trojan that is being spread through rogue e-mails and websites which are out
of control. It launches a hidden proxy server on the infected computer. Asprox can connect individual computers from
various locations into larger systems. The infected machines can be used for malicious attacks. The Trojan also
automatically installs itself on a visitor's computer and enables hackers to access financial information and other
confidential information. There are no symptoms of Asprox Trojan infection. It works silently in the background and does
not display pop-ups or hijack the browser's homepage as other malware does. This signature triggers when forum.php
POST data with the particular boundary ID pulls updates through botnet command and control servers.
Signature ID: 35906
MS09-002 Exploit in the Wild ActiveX MSWord Vulnerability
Threat Level: Warning
Industry ID: CVE-2009-0075
Signature Description: This exploit targets Internet Explorer 7. The attacker can send a maliciously crafted
document to unsuspecting victims. This Word document contains an embedded ActiveX control with classid
AE24FDAE-03C6-11D1-8B76-0080C744F389; on opening, it connects to a website hosting the MS09-002 exploit. This