TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
161
overflow, however it has not been confirmed whether this issue is exploitable to corrupt memory. The problem may in
fact be the result of a NULL pointer dereference.
Signature ID: 1220
Trend Micro InterScan ContentFilter.dll access Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0958 Bugtraq: 3327 Nessus: 11747
Signature Description: Trend Micro InterScan eManager is a plug-in for InterScan which manages spam, message
content, and mail delivery. It can be managed through a web-based console interface. Trend Micro, InterScan
eManager 3.51 and Trend Micro, InterScan eManager 3.51J versions are vulnerable, it is a stack-based vulnerability.
Several CGI components of eManager contain a buffer overflow vulnerability which could allow an attacker to execute
arbitrary code within the Local System context. Several CGI components of eManager is not validating the user input
values, after received request with out proper validation cop-ying the given values(overly long values) in to static
buffer at that time that buffer will overflow, then there is a chance to execute arbitrary code within the Local System
context. This signature triggers when an attacker access to the 'ContentFilter.dll' file.
Signature ID: 1221
Crystal Reports crystalImageHandler.aspx directory traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0204 Bugtraq: 10260 Nessus: 12271
Signature Description: Crystal reports is a powerful, dynamic, actionable reporting solution that helps you design,
explore, visualize, and deliver reports via the web or embedded in enterprise applications. <br>Microsoft Visual Studio
.NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 versions are vulnerable,
this Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. These
versions can allow an (malicious user)attacker to retrieve and delete files, allowing for information disclosure and
denial of service attacks. A malicious user(remote attacker) can exploit this issue by sending directory traversal
sequences and requesting a file through a vulnerable parameter of one of the affected modules. Patches are at vendor
websites businessobjects and microsoft websites.
Signature ID: 1223
Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
Threat Level: Warning
Nessus: 10498
Signature Description: Microsoft FrontPage (full name Microsoft Office FrontPage) is a WYSIWYG HTML editor and
web site administration tool from Microsoft for the Microsoft Windows line of operating systems. Microsoft FrontPage
2000 is vulnerable to file uploading, these misconfigured web servers allows remote clients to perform dangerous
HTTP methods such as PUT and DELETE.This can lead to unauthorized access and possibly deleting of some
important files through DELETE.
Signature ID: 1224
Demarc PureSecure Authentication Check SQL Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0539
Bugtraq: 4520
Signature Description: Demarc PureSecure is a commercially available graphical front-end for Snort, in addition to
being a generalized network monitoring solution. Snort is an open-source NIDS (Network Intrusion Detection System).
Demarc PureSecure will run on most Linux and Unix variants, as well as Microsoft Windows NT/2000/XP operating
systems.A vulnerability has been reported in some versions of PureSecure. User supplied input is used to construct a
SQL statement, allowing SQL injection attacks. Administrative access may be gained through exploitation of this
flaw.Demarc PureSecure 1.0.5 Windows and Demarc PureSecure 1.0.5 Unix are prone to this vulnerability.