TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
680
Signature Description: Mercantec's SoftCart is a Web-based shopping cart system for Microsoft Windows. SoftCart
version 4.00b is vulnerable to a buffer overflow in the SoftCart.exe CGI. By sending a specially-crafted HTTP GET
request containing a malformed CGI parameter to SoftCart, a remote attacker could overflow a buffer and execute
arbitrary code on the system. Upgrade to newer version of the product.
Signature ID: 30188
ShixxNOTE 6.net Font Field Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1595 Bugtraq: 11409
Signature Description: ShixxNOTE is a personal organizer, desktop sticky notes (post-it) program, instant messaging
application (LAN messenger) and a communications tool used across a local network (Intranet), Internet and via email.
ShixxNOTE 6.net build 117 and possibly other versions are vulnerable to a buffer overflow, due to improper copying
of the font value into memory without verifying its size. A remote attacker can exploit this vulnerability by sending a
crafted message with overly large font value to the target ShixxNOTE client system. Successful exploitation would
result in execution of arbitrary code with the privileges of the currently logged in user. In ShixxNOTE 6.net build 123
this issue is resolved.
Signature ID: 30189
NullSoft SHOUTcast Server File Request Format String Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1373 Bugtraq: 12096
Signature Description: SHOUTcast is Nullsoft's Free Winamp-based distributed streaming audio system for Linux and
Windows based platforms. SHOUTcast Server version 1.9.4 and possibly earlier versions are vulnerable to a format
string attack while requesting a file. By requesting a file name containing format string specifiers, a remote attacker can
crash or able to execute arbitrary code on SHOUTcast server. This issue is resolved in version 1.9.5.
Signature ID: 30191
SAP-DB/MaxDB WebDBM Database Parameter Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4305 Bugtraq: 19660
Signature Description: MySQL MaxDB is a heavy-duty, SAP-certified open source database. A web based application
interface Webtool which acts as a HTTP server is provided with MaxDB. A buffer overflow vulnerability exists in the
MaxDB WebDBM server component version 7.6.00.22 in handling login inputs provided by a user. The vulnerability is
specifically due to a boundary error in the processing of the database name, Database, provided by the user. By sending
a specially-crafted HTTP request from a WebDBM client to the DBM server, a remote attacker could overflow a buffer
and execute arbitrary code on the system with privileges of the 'wahttp' process. This issue has been fixed in the latest
release of the product, MaxDB 7.6.00.31.
Signature ID: 30192
IpSwitch Whatsup Gold _maincfgret.cgi Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0798
Bugtraq: 11043,11109
Signature Description: WhatsUp Gold is a network monitoring tool by IpSwitch for Microsoft Windows operating
systems. WhatsUp Gold version 8.03 is vulnerable to a buffer overflow in the _maincfgret.cgi script. By posting a long
string for the value of 'instancename', a buffer overflow occurs allowing an attacker to redirect the flow of control and
eventually execute arbitrary code. Successful exploitation allows remote attackers to execute arbitrary code under the
privileges of the user that instantiated the application. Upgrade to the latest version of WhatsUp Gold (8.03 Hotfix 1 or
later).