ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
would result in execution of the script code in the security context of the EmuMail site. An updated version may be
available at the vendor's website.
Signature ID: 1098
Sambar Server environ.pl Cross-site Scripting Vulnerability
Threat Level: Information
Bugtraq: 7209
Signature Description: Sambar Server is a multi-threaded, extensible application server. Sambar Server version 5.3 and
earlier has a cross-site scripting vulnerability. This rule triggers when an attacker sends a specially crafted
URL request to environ.pl. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
No remedy available as of September, 2008.
Signature ID: 1099
Environ.cgi access Vulnerability
Threat Level: Information
Signature Description: This rule detects requests to environ.cgi. This CGI script is
commonly requested in vulnerability scans, and an attacker can use it to gather system configuration
information.
Signature ID: 1100
Everythingform.cgi Arbitrary Command Execution Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0023 CVE-2002-0749 Bugtraq: 2101,4579 Nessus: 11748
Signature Description: Leif Wright's everythingform.cgi, a Perl script that processes multiple forms, contains a
parsing vulnerability in a hidden "config" field that enables an attacker to run arbitrary shell commands in the
security context of the web server. For example, an attacker can set the "config" parameter to ../../../../../bin/ping
and POST it to everythingform.cgi to run the ping command in the context of the web server. Any arbitrary
command can be run the same way. Leif M. Wright everythingform.cgi 2.0 is prone to this vulnerability.
Signature ID: 1101
EZNE.NET Ezboard 2000 Remote Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0263 CVE-2002-0749 Bugtraq: 4068,4579 Nessus: 11748
Signature Description: Easyboard is a guestbook script that uses a text file for data storage; the display can be
tweaked by setting variables, and the script is just one piece of code that you insert into a PHP page. EZNE.net
ezboard version 1.27 is vulnerable: its 'ezadmin.cgi' script allows a malicious user (remote attacker) to
craft an HTTP request that causes a buffer overflow condition on the web server and can overwrite system memory
with data included in the URL. The remote attacker sends a large amount of data. In some CGI programs,
user-supplied data is written to a statically sized array; if the received data is larger than the declared array size, a buffer
overflow occurs and overwrites adjacent areas of stack memory. If return pointers are overwritten, arbitrary code
may be executed as the vulnerable process.
Signature ID: 1102
EZNE.NET Ezboard 2000 Remote Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0263 CVE-2002-0749 Bugtraq: 4068,4579 Nessus: 11748
Signature Description: Easyboard is a guestbook script that uses a text file for data storage; the display can be
tweaked by setting variables, and the script is just one piece of code that you insert into a PHP page. EZNE.net
ezboard version 1.27 is vulnerable: its 'ezboard.cgi' script allows a malicious user (remote attacker) to