TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
679
Signature ID: 30181
PHP-Nuke Search Module Query Parameter SQL Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-3792
Bugtraq: 15421
Signature Description: PHP-Nuke is a news automated system designed to be used in Intranets and Internet. The goal
of PHP-Nuke is to have an automated web site to distribute news and articles with users. The PHP-Nuke versions 7.5
through 7.8 and PHPNuke EV version 7.7-R1 are vulnerable to SQL injection in Search module. Input passed to the
"query" parameter when performing a search isn't properly sanitized before being used in a SQL query. A remote
attacker could exploit this vulnerability by passing malicious SQL commands in the query parameter when performing
a search. Successful exploitation could allow an attacker to compromise the application, access or modify data, or
exploit vulnerabilities in the underlying database implementation. Upgrade to the latest version of PHP-Nuke (7.9 or
later), available from the PHP-Nuke Web site.
Signature ID: 30182
WordPress cache_lastpostdate Cookie Parameter Code Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2612 Bugtraq: 14533 Nessus: 19414
Signature Description: WordPress is a blog publishing system written in PHP and backed by MySQL database. A PHP
script injection vulnerability exists in WordPress versions 1.5.1.3 and prior. The vulnerability is due to improper
sanitization of user-input in the cache_lastpostdate parameter that is embedded in a Cookie field. By sending a crafted
HTTP request containing cookies with malicious script in cache_lastpostdate parameter, a remote attacker may be able
to execute arbitrary code within the security context of the hosting site. The register_globals flag must be enabled on
the WordPress Server for reliable exploitation of this vulnerability. Upgrade to the latest version of WordPress.
Signature ID: 30184
PHPXMLRPC and PEAR XML_RPC Remote Code Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1921 CVE-2005-2116 Bugtraq: 14088
Signature Description: XML-RPC for PHP (PHPXMLRPC) and PEAR XML_RPC applications are PHP
implementation of the XML-RPC web RPC protocol, and used by many different developers across the world.
PHPXMLRPC versions 1.1 and earlier, PEAR XML_RPC 1.3.3 versions and earlier are vulnerable to a php code
execution vulnerability. The vulnerability is due to improper handling of PHP code that is passed to eval() statement. A
remote attacker could exploit this vulnerability by sending specially-crafted XMLRPC requests containing nested XML
tags, allowing the attacker to execute arbitrary PHP code on the affected system. All the products which use vulnerable
library of XMLRPC are vulneable to this issue. Contact your vendor to upgrade to the latest version.
Signature ID: 30185
Ftpdmin LIST Command Windows Drive Letter Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1580 Bugtraq: 23049
Signature Description: Ftpdmin is a minimal Windows FTP server that does not require an "install". It is intended to be
run temporarily, on an as-needed basis basis to do file transfers between Windows computers. Ftpdmin version 0.96 is
vulnerable to a denial of service attack via a LIST command for a Windows drive letter such as //A:. Restrict the access
to port 21 to the trusted clients only.
Signature ID: 30186
Mercantec SoftCart Malformed CGI Parameter Overflow
Threat Level: Severe
Industry ID: CVE-2004-2221
Bugtraq: 10926