TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1050
name, contains "%01" character before an @ sign in the user@domain portion of the URI. Mshtml.dll is the vulnerable
program, which displays a URL string containing "%01" incorrectly at "Address Bar" and "Status Bar" of its host
programs, i.e. Internet Explorer, Outlook Express, etc.<br><br>However, the function of printing a UNICODE string
should be patched to convert all non-printable characters, such as '\\x01' to '\\x09' to a single space character '\\x20'.
Signature ID: 38082
Multiple Vendor Telnet Client env_opt_add Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2005-0468
Signature Description: A vulnerability exists in the way the env_opt_add function of certain telnet clients processes the
NEW-ENVIRON sub-options. A buffer in the vulnerable telnet client can be overflowed by a telnet server by sending a
specially crafted SEND command. An attacker may exploit this flaw to execute arbitrary code on the target system with
the privileges of the account executing the telnet client.The vulnerable program is the binary telnet and the source code
file telnet.c.The vulnerable function is env_opt_add().The function accepts the variable name list from the attacker.
Signature ID: 38085
Ipswitch WhatsUp Web Interface SQL Injection vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1250
Signature Description: There exists a SQL injection vulnerability in Ipswitch WhatsUp Professional. The flaw is
caused by insufficient validation of user supplied data submitted to the product's Web interface. The vulnerability can
allow an attacker to execute arbitrary SQL statements in the WhatsUp database.The vulnerable program is the library
file CoreAsp.dll.The vulnerable function constructs an SQL statement using a user supplied string.The problematic
parameter is the CGI variable sUserName, which is passed to page Login.asp.
Signature ID: 38086
Symantec Backup Exec for Windows Server Scheduler ActiveX Control Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2007-6016
Signature Description: There exists a buffer overflow vulnerability in the Symantec Backup Exec for Windows Servers
(BEWS). The vulnerability is due to insufficient boundary checks in methods exposed by an ActiveX control of the
Scheduler component. Remote attackers can exploit this vulnerability by enticing target users to visit a malicious web
page. Successful exploitation would allow code execution in the security context of the currently logged-in user.The
vulnerable program is ActiveX control pvcalendar.ocx.The vulnerable function is responsible for handling the string
assigned to the properties: * _DOWText0 to _DOWText6 _MonthText0 to _MonthText11 The affected parameter is
the string assigned to the properties: _DOWText0 to _DOWText6 and _MonthText0 to _MonthText11.
Signature ID: 38087
BitDefender Online Scanner ActiveX Control Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2007-5775
Signature Description: There exists a buffer overflow vulnerabilities in BitDefender Online Scanner. These
vulnerabilities are caused due to boundary errors within the BitDefender Online Scanner OScan.ocx ActiveX Control.
A remote attack can exploit this vulnerability by enticing the target user to open a crafted webpage, potentially causing
arbitrary code to be injected and executed in the security context of the current user.The vulnerable program is the
ActiveX control binary oscan8.ocx.The vulnerable method exposed by the affected control is InitX().The affected
method accepts a string as its only parameter.