TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 1325
EditTag edittag.pl File Disclosure Vulnerability
Threat Level: Warning
Bugtraq: 6675
Signature Description: EditTag is a script which facilitates website content management. EditTag allows users to edit
pages using a web interface, but restricts editing to specific tagged areas of the document. This feature lets website
managers give content authors who may not know HTML a way to update a web page in real time without
having to worry about adversely affecting the underlying HTML code. Greg Billock EditTag 1.1 is the vulnerable version.
A malicious user (remote attacker) could send a request that contains encoded directory traversal sequences. On
receiving such a request, the EditTag 'edittag.pl' Perl script does not properly validate the CGI parameters, resulting in the
disclosure of arbitrary web-server-readable files.
Signature ID: 1326
CGI Perl mail programs allow execution of arbitrary commands vulnerability
Threat Level: Information
Industry ID: CVE-1999-1155
Signature Description: Many Perl-based CGI mail programs accept metacharacters in the recipient's email address field.
A malicious user (remote attacker) can insert specially crafted metacharacters into this field to execute arbitrary
commands on the system running the script.
Signature ID: 1327
Virtual Visions FTP Browser directory traversal vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0674 Bugtraq: 1471 Nessus: 10467
Signature Description: The Virtual Visions FTP Browser is a CGI script that provides an HTML interface to files that
are available to download. FTP Browser allows a user to display an HTML-enhanced directory listing, which is useful for
managing user FTP files. Virtual Visions FTP Browser 1.0 is the version vulnerable to directory traversal. A malicious
user (remote attacker) could send a URL request containing "dot dot" sequences (/../) to the server as the "dir" parameter
value. On receiving such a request, the script does not properly validate the user-supplied data, so the attacker may
traverse directories and retrieve arbitrary files from the Web server. This signature detects whenever a user tries to
access ftp.pl.
Signature ID: 1328
Virtual Visions FTP Browser directory traversal vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0674 Bugtraq: 1471 Nessus: 10467
Signature Description: The Virtual Visions FTP Browser is a CGI script that provides an HTML interface to files that
are available to download. FTP Browser allows a user to display an HTML-enhanced directory listing, which is useful for
managing user FTP files. Virtual Visions FTP Browser 1.0 is the version vulnerable to directory traversal. A malicious
user (remote attacker) could send a URL request containing "dot dot" sequences (/../) to the server as the "dir" parameter
value. On receiving such a request, the script does not properly validate the user-supplied data, so the attacker may
traverse directories and retrieve arbitrary files from the Web server.
Signature ID: 1329
PHP-Survey Global.INC Information Disclosure Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0614 Bugtraq: 4612
Signature Description: PHP-Survey is an online survey creation and management system written in PHP. It uses a