ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Unix, Linux, and Microsoft operating systems. Advanced Poll version 2.0.2 could allow a remote attacker to include
malicious PHP files. By sending a specially-crafted URL request to the admin_tpl_new.php script using the 'base_path' or
'pollvars[lang]' variables, a remote attacker could read arbitrary files or inject arbitrary local PHP files.
No remedy available as of August, 2008.
Signature ID: 1846
WEB-PHP Blahz-DNS dostuff.php access Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0599 Bugtraq: 4618
Signature Description: Blahz-DNS is a PHP/MySQL-based DNS administration tool with support for primary and secondary
zones, user authentication, User and Admin account types, and restricted access for user accounts to certain primary
and secondary zones. It is available for Linux systems. Blahz-DNS version 0.2 and prior contains a flaw
that may allow a malicious user to bypass authentication and modify DNS entries. A remote attacker can access PHP
scripts such as dostuff.php directly, instead of going through the login screen, to gain administrator access to the
Blahz-DNS system. Upgrade to the latest version of Blahz-DNS, available at the vendor's website.
Signature ID: 1847
WEB-PHP Blahz-DNS dostuff.php modify user authentication Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0599 Bugtraq: 4618
Signature Description: Blahz-DNS is a PHP/MySQL-based DNS administration tool with support for primary and secondary
zones, user authentication, User and Admin account types, and restricted access for user accounts to certain primary
and secondary zones. It is available for Linux systems. Blahz-DNS version 0.2 and prior contains a flaw
that may allow a malicious user to bypass authentication and modify DNS entries. A remote attacker can access PHP
scripts such as dostuff.php directly, instead of going through the login screen, to gain administrator access and modify
the user accounts of the Blahz-DNS system. Upgrade to the latest version of Blahz-DNS, available at the vendor's website.
Signature ID: 1848
WEB-PHP Cyboards default_header.php access Vulnerability
Threat Level: Information
Industry ID: CVE-2007-1983 Bugtraq: 6597
Signature Description: CyBoards PHP Lite is a lightweight PHP/MySQL messageboard system with a threaded style.
CyBoards provides E-Commerce consulting, Shopping Carts, and Web Design Services for businesses looking to
establish Internet storefronts. CyBoards PHP Lite version 1.21 could allow a remote attacker to include arbitrary files.
By sending a specially-crafted URL request to the default_header.php script, using the script_path parameter to specify
a malicious file from a remote system, the attacker could execute arbitrary code with the privileges of
the target server. Upgrade to the latest version of CyBoards PHP Lite, available at the vendor's website.
Signature ID: 1849
WEB-PHP Cyboards options_form.php access Vulnerability
Threat Level: Information
Industry ID: CVE-2007-1983 Bugtraq: 6597
Signature Description: CyBoards PHP Lite is a lightweight PHP/MySQL messageboard system with a threaded style.
CyBoards provides E-Commerce consulting, Shopping Carts, and Web Design Services for businesses looking to
establish Internet storefronts. CyBoards PHP Lite version 1.21 could allow a remote attacker to include arbitrary files.
By sending a specially-crafted URL request to the 'options_form.php' script, using the script_path parameter to specify a
malicious file from a remote system, the attacker could execute arbitrary code with the privileges of the
target server. Upgrade to the latest version of CyBoards PHP Lite, available at the vendor's website.