TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
to a crash. Successful exploitation of this issue may allow an attacker to cause the software to crash or hang. Upgrade
to the latest version of E107, which is available at the vendor's website.
Signature ID: 1899
WEB-PHP content-disposition memchr overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0081 Bugtraq: 4183 Nessus: 10867
Signature Description: PHP is a scripting language widely used in web development. It can be installed on a variety of
web servers, including Apache, IIS, Caudium, Netscape and iPlanet. PHP (versions 4.1.0, 4.1.1, 4.0.6 and 3.0.x) has
a buffer overflow vulnerability in the handling of file uploads. Specifically, this problem occurs in the functions which
are used to decode MIME encoded files. As a result, it may be possible to overrun the buffer used by the vulnerable
functions and cause arbitrary attacker-supplied instructions to be executed. A successful attacker can execute attack
code in the context of an authorised user on the affected system.
Signature ID: 1900
WEB-PHP Marcus Xenakis directory.php arbitrary command attempt_1 Vulnerability
Threat Level: Information
Industry ID: CVE-2002-0434 Bugtraq: 4278 Nessus: 11017
Signature Description: Marcus Xenakis directory.php is vulnerable to shell command execution attacks. The
directory.php script provides a web interface for directory listings. A remote attacker could send a
specially crafted HTTP request containing 'directory.php' and shell metacharacters (such as ; or |) in
the 'dir' parameter. An issue exists in this script which could allow a user to execute arbitrary shell commands on the
system. No remedy available as of August, 2008.
Signature ID: 1901
WEB-PHP Vibechild Directory Manager edit_image.php access Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-1020 Bugtraq: 3288 Nessus: 11104
Signature Description: Directory Manager 0.9 is an application used to maintain LDAP directory data. It is maintained
by Vibechild and hosted for download on Sourceforge.net. An input validation error exists in Directory Manager that
may enable remote attackers to execute arbitrary code on a host running the software. The flaw is due to a script in the
package that fails to filter shell metacharacters from a user-supplied value passed to PHP's passthru()
function. Exploitation of this vulnerability may lead to the disclosure of sensitive data on or compromise of a vulnerable
host.
Signature ID: 1902
WEB-PHP Bytehoard files.inc.php access Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-1153 Bugtraq: 8910
Signature Description: Bytehoard is a file storage/transfer application that is implemented in PHP. A remote attacker
could send a specially crafted HTTP request to the files.inc.php script to view the root directory of the victim's system.
This gives the attacker unauthorized access to the web root and permits traversal of directories
inside and outside of the web root directory, potentially resulting in information disclosure. The vulnerable versions are
Bytehoard 0.7.0 and Bytehoard 0.71.0.
Signature ID: 1903
WEB-PHP Pod.Board forum_details.php access Vulnerability
Threat Level: Warning
Bugtraq: 7933 Nessus: 11760