TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

191

192

193

194

195

196

197

198

199

200

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

197

LE versions, allowing passwords to be saved as part of a saved site configuration. Attacker can access ws_ftp.ini file

from outside the network may cause discloser of sensitive information. <br>The passwords are stored in the .ini files

located in the WS_FTP folder, these passwords are encrypted but the encryption method is weak and can be broken.

Signature ID: 1388

Wsh attempt Vulnerability

Threat Level: Information

Signature Description: WSH(Windows Script Host), an ActiveX scripting host providing an environment for the

execution of scripts using several languages, such as VBScript. This rule triggered when an attacker attempt to run

wsh.exe script on the remote machine, an attacker can use this vulnerability to execute arbitrary code on the system.

Signature ID: 1389

SQL Inject Vulnerability through xp_availablemedia

Threat Level: Warning

Signature Description: Windows allows the execution of Windows shell commands through the SQL Server. The

access rights with which these commands will be executed are those of the account with which SQL Server is running,

usually Local System. This event is generated when an attempt to exploit SQL Injection vulnerability on the remote

machine.The xp_availablemedia extended stored procedure is used to return a list of available storage devices that can

be written.

Signature ID: 1390

SQL Injection attempt through xp_cmdshell Vulnerability

Threat Level: Warning

Signature Description: Windows allows the execution of Windows shell commands through the SQL Server. The

access rights with which these commands will be executed are those of the account with which SQL Server is running,

usually Local System. This event is generated when an attempt to exploit SQL Injection vulnerability on the remote

machine.xp_cmdshell extended stored procedure to execute a given command string as an operating-system command

shell and return any output as rows of text.

Signature ID: 1391

SQL Injection attempt through xp_enumdsn vulnerability

Threat Level: Warning

Signature Description: Windows allows the execution of Windows shell commands through the SQL Server. The

access rights with which these commands will be executed are those of the account with which SQL Server is running,

usually Local System. This event is generated when an attempt to exploit SQL Injection vulnerability on the remote

machine.xp_enumdsn is an extended stored procedure returns a list of all system DSNs and their descriptions.

Signature ID: 1392

SQL Injection attempt with xp_filelist vulnerability

Threat Level: Warning

Signature Description: Windows allows the execution of Windows shell commands through the SQL Server. The

access rights with which these commands will be executed are those of the account with which SQL Server is running,

usually Local System. Alternatively, attacker may also try and used to known whether or not a file exists by using

procedure xp_filelist. This event is generated when an attempt to exploit SQL Injection vulnerability on the remote

machine.the xp_filelist extended stored procedure is used to known whether or not a file exists.