TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

251

252

253

254

255

256

257

258

259

260

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

259

Signature ID: 1882

WEB-PHP PhpGedView search.php access Vulnerability

Threat Level: Information

Industry ID: CVE-2004-0032

Bugtraq: 9369 Nessus: 11982

Signature Description: PHPGedView(PGV) is a free PHP-based web application for working with genealogy data on

the internet. PHPGedView has full editing capabilities, can import from GEDCOM files, and supports the multimedia.

PHPGedView(PHPGedView version 2.61) is vulnerable to cross-site scripting. BY creating a specially-crafted URL

link to the search.php script containing embedded code in the 'firstname' variable, once the link is clicked. A remote

attacker could execute arbitrary code on the victim's web browser. No remedy available as of August, 2008.

Signature ID: 1883

WEB-PHP MediaWiki Setup.php access Vulnerability

Threat Level: Information

Bugtraq: 9057

Signature Description: A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to

compromise a vulnerable system.The vulnerability is caused due to an input validation error in "UpdateClasses.php",

"Title.php", "Setup.php", "GlobalFunctions.php", and "DatabaseFunctions.php". This can be exploited to execute

arbitrary code on a vulnerable system by supplying a path to a malicious file on a remote system via the "$IP" variable.

The Affected versions are MediaWiki-stable 20031107 and MediaWiki-stable 20030829.

Signature ID: 1884

WEB-PHP TUTOS path disclosure Vulnerability

Threat Level: Information

Bugtraq: 10129

Signature Description: Tutos(The Ultimate Team Organization Software) is a freely available, open-source, team

organization software package. It is available for UNIX, Linux, and Microsoft Windows operating systems. TUTOS

(TUTOS version 1.1.20030715) is a cross-site scripting vulnerability, caused by improper filtering of user-supplied

input. A remote attacker could embed malicious script in a URL request to the note_overview.php script using the id

variable, which would be executed in the victim's browser, once the link is clicked. An attacker could use this

vulnerability to obtain the victim's cookie-based authentication credentials. Upgrade to the latest version of TUTOS,

available at vendor's website.

Signature ID: 1885

WEB-PHP MediaWiki Title.php access Vulnerability

Threat Level: Information

Bugtraq: 9057

Signature Description: WEB-PHP MediaWiki Title.php accessA vulnerability has been reported in MediaWiki, which

can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to an input

validation error in "UpdateClasses.php", "Title.php", "Setup.php", "GlobalFunctions.php", and

"DatabaseFunctions.php". This can be exploited to execute arbitrary code on a vulnerable system by supplying a path to

a malicious file on a remote system via the "$IP" variable. The Affected versions are MediaWiki-stable 20031107 and

MediaWiki-stable 20030829.

Signature ID: 1886

WEB-PHP Typo3 translations.php file include Vulnerability

Threat Level: Information

Bugtraq: 6984

Signature Description: TYPO3 is a free and opensource content management system. It is written in PHP and running

under UNIX and Windows operating systems. TYPO3(TYPO3 versions 3.5b5 and prior) could allow a remote attacker