TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
686
in the G/PGP Encrpytion Plug-in for SquirrelMail webmail version 2.1 and prior. The vulnerability specifically exists
within the function gpg_recv_key() defined in gpg_key_functions.php. A remote authenticated attacker could exploit
this vulnerability using the 'keyserver' parameter submitted to gpg_options.php. Successful exploitation allows remote
attacker to execute arbitrary commands on the system with the privileges of the Web server. Upgrade to latest version
of G/PGP Plug-in that is available from vendor's website.
Signature ID: 30317
SquirrelMail G/PGP Plug-in gpg_check_sign_pgp_mime() Command Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1924 CVE-2007-3636 Bugtraq: 24828,24874
Signature Description: SquirrelMail G/PGP Plug-in is a general purpose encryption, decryption, and digital signature
plug-in for SquirrelMail that implements the OpenPGP standard using GPG. A command injection vulnerability exists
in the G/PGP Encrpytion Plug-in for SquirrelMail webmail version 2.1 and prior. The vulnerability specifically exists
within the function gpg_check_sign_pgp_mime() defined in gpg_hook_functions.php. A remote authenticated attacker
could exploit this vulnerability using the 'messageSignedText' parameter submitted to gpg_hook_functions.php.
Successful exploitation allows remote attacker to execute arbitrary commands on the system with the privileges of the
Web server. Upgrade to latest version of G/PGP Plug-in that is available from vendor's website.
Signature ID: 30318
SquirrelMail G/PGP Plug-in gpg_help.php Local File Inclusion Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4169 CVE-2005-1924 Bugtraq: 24874
Signature Description: SquirrelMail G/PGP Plug-in is a general purpose encryption, decryption, and digital signature
plug-in for SquirrelMail that implements the OpenPGP standard using GPG. Version 2.0 of the SquirrelMail G/PGP
Plug-in contains an implementation flaw in the way it includes certain files. The problem specifically exists in
'gpg_help.php' and 'gpg_help_base.php' files which will include local files that are supplied via the 'help' HTTP GET
request parameter. By using directory traversal specifiers, a remote attacker can trivially cause files stored on the Web
server to be parsed as PHP code. Successful exploitation provides the remote attacker sensitive information or allows
execution of arbitrary code. Upgrade to latest version of G/PGP Plug-in that is available from vendor's website.
Signature ID: 30319
Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution
Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-3844 Bugtraq: 25142
Signature Description: The Mozilla Firefox web browser, Thunderbird email client, and SeaMonkey internet suite are
vulnerable to script execution when an add-on uses the 'about:blank' page. Add-ons are small pieces of software that
can add new features for these products. Add-ons that create 'about:blank' windows and populate them in certain ways
such as document creation through data: or javascript: URLs in new window can execute scripts with chrome
privileges. This behavior could cause security issues in certain extensions that are thinking that 'about:blank' does not
have chrome privileges. By convincing a victim to visit a specially-crafted web page containing an about:blank
window, a remote attacker could exploit this vulnerability to execute arbitrary code with chrome privileges. This
signature detects traffic using the window.open function.
Signature ID: 30320
Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution
Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-3844
Bugtraq: 25142