TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
248
Signature ID: 1828
WEB-JBrowser PHP /_admin access vulnerability
Threat Level: Information
Industry ID: CVE-2007-1156 Bugtraq: 9537 Nessus: 12032
Signature Description: JBrowser is a French program that allows a user to create miniature gallery images for
Microsoft Windows operating systems. JBrowser versions 2.4 and earlier are vulnerable Unauthorized access. Due to a
lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts.
This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the
web server root directory.
Signature ID: 1829
WEB-PHP Advanced Poll admin_comment.php access Vulnerability
Threat Level: Information
Industry ID: CVE-2003-1180 Bugtraq: 8890 Nessus: 11487
Signature Description: Advanced poll is a freely available, open source PHP web application. It is available for the
Unix, Linux, and Microsoft operating systems. Advanced Poll version 2.0.2 could allow a remote attacker to include
malicious PHP files. By sending a specially-crafted URL request to the admin_comment.php script using 'base_path' or
'pollvars[lang]' variables, which would allows remote attacker to read arbitrary files or inject arbitrary local PHP files.
No remedy available as of August, 2008.
Signature ID: 1830
WEB-PHP Advanced Poll admin_edit.php access Vulnerability
Threat Level: Information
Industry ID: CVE-2003-1180 Bugtraq: 8890 Nessus: 11487
Signature Description: Advanced poll is a freely available, open source PHP web application. It is available for the
Unix, Linux, and Microsoft operating systems. Advanced Poll version 2.0.2 could allow a remote attacker to include
malicious PHP files. By sending a specially-crafted URL request to the admin_edit.php script using 'base_path' or
'pollvars[lang]' variables, which would allows remote attacker to read arbitrary files or inject arbitrary local PHP files.
No remedy available as of August, 2008.
Signature ID: 1831
WEB-PHP Advanced Poll admin_embed.php access Vulnerability
Threat Level: Information
Industry ID: CVE-2003-1180
Bugtraq: 8890 Nessus: 11487
Signature Description: Advanced poll is a freely available, open source PHP web application. It is available for the
Unix, Linux, and Microsoft operating systems. Advanced Poll version 2.0.2 could allow a remote attacker to include
malicious PHP files. By sending a specially-crafted URL request to the admin_embed.php script using 'base_path' or
'pollvars[lang]' variables, which would allows remote attacker to read arbitrary files or inject arbitrary local PHP files.
No remedy available as of August, 2008.
Signature ID: 1832
WEB-PHP Advanced Poll admin_help.php access Vulnerability
Threat Level: Information
Industry ID: CVE-2003-1180
Bugtraq: 8890 Nessus: 11487
Signature Description: Advanced poll is a freely available, open source PHP web application. It is available for the
Unix, Linux, and Microsoft operating systems. Advanced Poll version 2.0.2 could allow a remote attacker to include
malicious PHP files. By sending a specially-crafted URL request to the admin_help.php script using 'base_path' or