TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
264
Signature ID: 1908
WEB-PHP myphpPagetool pt_config.inc file include Vulnerability
Threat Level: Warning
Bugtraq: 6744
Signature Description: MyphpPagetool is an application used to maintain a web site using a mysql database, which
stores and manage all web pages and their contents. myphpPagetool is written in PHP and is available for a variety of
platforms.myphpPageTool 0.4.3 -1 is vulnerable version, which may allow remote attackers to include path for
'pt_config.inc' files located on remote servers. This issue is present in the index.php, help1.php, help2.php, help3.php,
help4.php, help5.php, help6.php, help7.php, help8.php and help9.php pages existing in the /doc/admin folder.
Signature ID: 1909
WEB-PHP YaBB SE news.php file include Vulnerability
Threat Level: Warning
Bugtraq: 6674
Signature Description: YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). Due to
insufficient sanitization of some user-supplied variables by the 'News.php' script, it is possible for a remote attacker to
include a malicious PHP file in a URL. It is available for platforms include Unix, Linux, and Microsoft Windows
operating systems. An attacker may exploit this by supplying a path to a maliciously created file, located on an
attacker-controlled host as a value for the '$template' parameter. The vulnerable versions are YaBB SE 1.5.1 and
earlier.
Signature ID: 1910
WEB-PHP newsPHP Language file include Vulnerability
Threat Level: Warning
Bugtraq: 8488
Signature Description: File include vulnerability has been reported in the nphpd.php module of newsPHP 216 that may
permit an attacker to include and execute malicious script code on a vulnerable host.The issue is reported to exist in the
LangFile variable of nphpd.php module of the software. Successful exploitation may lead to execution of arbitrary code
on a vulnerable system by a remote attacker.
Signature ID: 1911
WEB-PHP phpMyAdmin db_details_importdocsql.php access Vulnerability
Threat Level: Warning
Bugtraq: 7965,7963 Nessus: 11761
Signature Description: PhpMyAdmin is a freely available tool that provides a web interface for handling MySQL
administrative tasks.The flaw present in phpMyAdmin whereby passwords are stored in a plain text format, due to that
even a local user can have the privilege to view the cookie information and access the site hosting phpMyAdmin as a
victim user. phpMyAdmin 2.5.1 or lower are vulnerable.Furthermore, this issue could be exaggerated by the fact that
the credentials may be used across multiple systems.
Signature ID: 1912
WEB-PHP phpbb quick-reply.php access Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-2287
Bugtraq: 6173
Signature Description: This event is generated when an attempt is made to gain unauthorized access to a PHP
application running on a web server. Some applications do not perform stringent checks when validating the credentials
of a client host connecting to the services offered on a host server. This can lead to unauthorized access and possibly
escalated privileges to that of the administrator. Data stored on the machine can be compromised and trust relationships