TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1022
Signature Description: WordPress is a blogging application that is written in PHP. It can use it to create any type of
web site and use it as a Content Management System. WordPress, version 2.1.1, could allow a remote attacker to
execute arbitrary commands on the system. This signature detects when an attacker sending a specially-crafted request
to the feed.php script using the ix parameter. The successful exploitation may allow an attacker to execute malicious
shell commands with the privileges of the Web server. The issue is fixed in the version of WordPress(2.1.2 or later),
available from the WordPress web site. The Administrators are advise to update the latest version of WordPress(2.1.2
or later) for resolve the issue.
Signature ID: 36213
WordPress Backdoor iz Parameter Untrusted Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1277
Bugtraq: 22797
Signature Description: WordPress is a blogging application that is written in PHP. It can use it to create any type of
web site and use it as a Content Management System. WordPress, version 2.1.1, could allow a remote attacker to
execute arbitrary commands on the system. This signature detects when an attacker sending a specially-crafted request
to the theme.php script using the iz parameter. The successful exploitation may allow an attacker to execute malicious
shell commands with the privileges of the Web server. The issue is fixed in the version of WordPress(2.1.2 or later),
available from the WordPress web site. The Administrators are advise to update the latest version of WordPress(2.1.2
or later) for <br>resolve the issue.
Signature ID: 36214
PollMentor pollmentorres.asp id Parameter SQL Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0984 Bugtraq: 22542
Signature Description: PollMentor allows user to insert and manage polls on user web site. It stores each vote in a
database table. Just one vote per 24 hour is allowed per unique IP address. PollMentor, version 2.0, is a SQL injection
vulnerability. This issue is triggered when an attacker sending a specially-crafted SQL statements to the
'pollmentorres.asp' script using the 'id' parameter. The successful exploitation may allow an attacker to view, add,
modify or delete information in the back-end database. No remedy available as of February 16, 2009.
Signature ID: 36216
PHP phpinfo() Cross Site Scripting Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-3388 Bugtraq: 15248
Signature Description: PHP is a widely-used general-purpose scripting language that is especially suited for web
development and can be embedded into HTML. PHPinfo, version 4.x up to 4.4.0 and 5.x up to 5.0.5, is a Cross-site
scripting vulnerability. The phpinfo() function is used for debugging purposes. This includes information about PHP
compilation options and extensions, the PHP version, server information and environment, OS version information,
paths, master and local values of configuration options and request variables, HTTP header, and the PHP License. This
signature detects when a remote attacker can create a specially-crafted link to a vulnerable PHP script that includes
hostile client-side script code or HTML. If this link is visited, the attacker supplied code may be rendered in the
browser of the user who visited the malicious link. The successful exploitation may allow an attacker to access the
target user's cookies and access data or take actions on the site acting as the target user. The issue is fixed in the version
of PHP 4.4.1 and 5.1, which is available from vendor web site.
Signature ID: 36217
PHP zip:// URL Wrapper Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1399 Bugtraq: 22883