TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1025
Signature ID: 36305
VLC HTTPd Connection Header Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-6682
Bugtraq: 27015
Signature Description: VideoLAN VLC media player is an open-source, highly portable multimedia player for various
audio and video formats, as well as DVDs, VCDs, and various streaming protocols. It can also be used as a server to
stream in unicast or multicast in IPv4 or IPv6 on a high bandwidth network. VLC, version 0.8.6d, media player is a
format string vulnerability. This issue is triggered when an attacker sending a specially-crafted 'format string' specifiers
in the 'connection' parameter. The successful exploitation may allow an attacker to execute arbitrary code on the
system. The issue is fixed in the version of VLC *0.8.6e or later), available from the web site. The administrators are
advised to update the latest version of VLC (0.8.6e or later) for resolve the issue.
Signature ID: 36401
DoS attack on Netgear SSL312 VPN router
Threat Level: Severe
Industry ID: CVE-2005-2847 CVE-2008-1145 Bugtraq: 33675
Signature Description: Netgear SSL312 VPN Router is a device, provides VPN Access to the corporate network
through internet. Netgear SSL312 is prone to Denial of Service attack. The attackers those who has access to the
webinterface of the Netgear SSL312 can crash the device by sending a malformed http request. The vulnerable page on
the Netgear SSL312 is "cgi-bin/welcome/VPN_only", this page cannot handle when the input is "../../".
Signature ID: 36402
Amaya Web Editor bdo tag dir property overflow vulnerability
Threat Level: Severe
Signature Description: Amaya is a open source Web editor,and a tool used to create and update documents directly on
the Web. Amaya lower versions than of 11.0 are vulnerable to this attack. Ayama has remote access and editing
facilities. The remote attacker can send the malicious html bdo tag to overflow the dir property with a long string. This
rule hits when html "bdo" tag "dir" property has more than 160 characters in its value. The Amaya Versions more than
11.0 are not vulnerable to this attack. Patches are available at the vendors site.
Signature ID: 36403
Amaya Web Editor HTML Input tag, Type property Buffer overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2009-0323
Signature Description: Amaya is a open source Web editor,and a tool used to create and update documents directly on
the Web. Amaya lower versions than of 11.0 are vulnerable to this attack. Ayama has remote access and editing
facilities. The remote attacker can send the malicious html page as response with bdo tag to overflow the dir property
and with a long string. This rule hits when the html "input" tag and the "type" property has more than 50 characters in
its value. The Amaya Versions more than 11.0 are not vulnerable to this attack. Patches are available at the vendors
site.
Signature ID: 36405
Zinf Audio Player 2.2.1 PLS File Stack Overflow
Threat Level: Severe
Industry ID: CVE-2004-0964 Bugtraq: 11248
Signature Description: Audio players allows the users to access the play list file from the remote site. Play list file will
have the list of items to play. The remote attacker can exploit the Zinf Audio Player 2.2.1 with a specially crafted pls
file and can cause the application to crash. This rule hits for the http responce has more than 1024 bytes size and the
track state PLS_FILE_ACCESSED is in the active state.