Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
21
Web site. The access settings for this URL can be either 'allow all' or 'allow no one'. An attacker can gain valuable
information if the access is given to this URL. Hence access to this information must be restricted.
Signature ID: 123
Endymion MailMan ALTERNATE_TEMPLATES File Disclosure vulnerabilities
Threat Level: Warning
Industry ID: CVE-2001-0021 Bugtraq: 2063 Nessus: 10566
Signature Description: Endymion MailMan is a web-email interface application written in Perl, commonly used on
Linux systems. A vulnerability exists in versions of Endymion MailMan Webmail prior version 3.0.26. Affected
versions make insecure use of the perl open() function. Attackers can control the way open() is supposed to work and
execute arbitrary commands.These commands will be executed with the privilege level of the CGI script. This
vulnerability may allow remote attackers to gain interactive 'local' access on the target server.
Signature ID: 124
Mailnews.cgi Username Remote Shell Commands Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0271 Bugtraq: 2391 Nessus: 10641
Signature Description: Mailnews is a CGI script that helps administrators operate their mailing list efficiently, by
among other things allowing them to allow remote users to subscribe and unsubscribe from the mailing list.
mailnews.cgi 1.3 and earlier allow remote attackers to execute arbitrary commands via a user name that contains shell
metacharacters. A remote attacker can insert a new user to the mailnews' user file which includes malicious shell
commands in the username field. Upon displaying this this data, the embedded commands will execute with the
privileges of the webserver process.
Signature ID: 125
MiniVend Piped command vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0635 Bugtraq: 1449 Nessus: 10473
Signature Description: MiniVend is an e-commerce system developed originally by Mike Heins. MiniVend version
4.04 and earlier come with a sample storefront which is vulnerable. The file VIEW_PAGE.HTML does not parse user
input to check for a pipe as part of an input filename. The UTIL.PM uses the perl OPEN function to check for the
existence of the supplied filename without any validation, allowing piped commands to be executed.
Signature ID: 126
IIS ctss.idc access vulnerability
Threat Level: Warning
Nessus: 10359
Signature Description: Microsoft IIS is a popular web server package for Windows based platforms. Microsoft IIS 3.0
contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ctss.idc
example file, which does not sanitize user-supplied input.The mkilog.exe is a Common Gateway Interface (CGI) script
that can be used to view and modify SQL database contents.It posts data to vulnerable module, ctss,idc, that creates a
table based on the parameters passed to it. Data Source Name, User ID, and Password must be known to exploit this
vulnerability.
Signature ID: 128
NT Options pack MDAC RDS Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1011 Bugtraq: 529 Nessus: 10357
Signature Description: Windows NT is a family of operating systems produced by Microsoft. The Windows NT