TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

the user inputs through the URI, so a malicious user (remote attacker) could exploit this vulnerability by sending arbitrary
Perl code to the Web server using an HTTP POST request. Patches are available at the Novell website.
Signature ID: 1355
PowerScripts PlusMail WebConsole Poor Authentication vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0074
Bugtraq: 2653 Nessus: 10181
Signature Description: PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining
mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative user name and password
without knowing the current one, by passing the proper arguments to the plusmail script. This can be accomplished by
submitting the argument "new_login" with the value "reset password" to the plusmail script (typically /cgi-bin/plusmail).
Other arguments the script expects are "user name", "password" and "password1", where "user name" is the new
login name, and "password" and "password1" contain matching passwords to set the new password to.
PowerScripts PlusMail WebConsole 1.0 is prone to this vulnerability.
Signature ID: 1356
Queryhit.htm access Vulnerability
Threat Level: Information
Nessus: 10370
Signature Description: The queryhit.htm file is a sample search page. It is used to find password (.pwd) files on the system.
This rule triggers when an attacker accesses the queryhit.htm file; an attacker can use this vulnerability to execute
arbitrary commands on the system, read arbitrary files, or gain sensitive information.
Signature ID: 1357
Remote Command Service attempt Vulnerability
Threat Level: Information
Signature Description: The Remote Command Service consists of client and server components. The client component
is a command-line program, Rcmd.exe. It provides a secure, stable way to remotely administer and run command-line
programs. The server component, Rcmdsvc.exe, is installed and run as a service. This rule triggers when an attacker
accesses 'rcmd.exe'; an attacker can use this vulnerability to execute arbitrary commands on the system.
Signature ID: 1358
Robots.txt file access vulnerability
Threat Level: Warning
Nessus: 10302
Signature Description: The robots.txt file exists on the webserver to provide instructions to automated crawling engines
(such as Yahoo! or Google) to NOT index specified areas of the application. Robots.txt is a regular text file that,
through its name, has special meaning to the majority of "honorable" robots on the web. By defining a few rules in the
robots.txt file, we can instruct robots not to crawl and index certain files or directories within the site, or the site at all.
Signature ID: 1359
Caldera OpenLinux 2.3 rpm_query CGI information disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0192
Bugtraq: 1036 Nessus: 10340
Signature Description: Caldera OpenLinux is a defunct Linux distribution that was created by the former Caldera
Systems corporation. It was the early "business oriented distribution" and foreshadowed the direction of developments
that came to most other distributions and the Linux community generally. Caldera OpenLinux 2.3 is a vulnerable version
that can be used to gain access: a CGI named rpm_query is installed in the /home/httpd/cgi-bin/ path. Any user can run this CGI and