TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
193
content, and mail delivery. It can be managed through a web-based console interface. Trend Micro, InterScan
eManager 3.51 and Trend Micro, InterScan eManager 3.51J versions are vulnerable, it is a stack-based vulnerability.
Several CGI components of eManager contain a buffer overflow vulnerability which could allow an attacker to execute
arbitrary code within the Local System context. Several CGI components of eManager is not validating the user input
values, after received request with out proper validation cop-ying the given values(overly long values) in to static
buffer at that time that buffer will overflow, then there is a chance to execute arbitrary code within the Local System
context. This signature triggers when an attacker access to the 'spamrule.dll' file.
Signature ID: 1369
Webcam Corp's Webcam Watchdog sresult.exe Cross-Site Scripting vulnerability
Threat Level: Warning
Industry ID: CVE-2004-2528 Bugtraq: 10837 Nessus: 14186
Signature Description: Watchdog can record video over a long period of time and monitoring a remote location over
the Internet. Watchdog is usefull to initiate video recording when there's a motion detected. Watchdog can also alert by
emailing the captured image and play the alarm sound. Webcam Corp Webcam Watchdog 4.0.1 version is vulnerable,
this version is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. A malicious user(remote
attacker) can pass malicious HTML code as a value for the affected URI parameter supplied to 'sresult.exe', after
received this software is not validating properly the user supplied inputs, it is possible for a remote attacker to create a
malicious link containing script code that will be executed in the browser of a legitimate user.
Signature ID: 1370
Telnet attempt on HTTP
Threat Level: Information
Signature Description: This event is generated when an attempt is made to access telnet service through Web request.
It is possible to access the telnet service via http request, Attacker's may use this service to enter into the vulnerable
system.
Signature ID: 1371
Tftp attempt on HTTP
Threat Level: Information
Signature Description: This event is generated when an attempt is made to access tftp serivce through Web request.It is
possible to access the tftp service via http request, Attacker's may use this service to download or upload information to
or from the vulnerable system.
Signature ID: 1372
UltraBoard DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0426
CVE-2002-0749 Bugtraq: 1175,4579 Nessus: 11748
Signature Description: UltraBoard is a powerful, easy to use and navigate, fully customizable bulletin board system. It
can add interactive message boards to any web site and can increase user interest and use of a web site dramatically.
UltraScripts UltraBoard is an Example of an individual, Web server program. UltraScripts UltraBoard 1.6 and prior
versions also vulnerable to denial of serveice. A malicious user(remote attacker) is able to expend all of the available
resources of the web server by using a specially-devised request to the CGI. This request causes a fork copies of itself,
which will then consume the processor time and memory of the server then the device goto denial of service.
Signature ID: 1373
Unify eWave ServletExec DOS Attack Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1025
Bugtraq: 1868