ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 34124
AIOCP download_category SQL Injection1
Threat Level: Warning
Industry ID: CVE-2007-0223
Bugtraq: 22019
Signature Description: AIOCP (All In One Control Panel) is a powerful yet easy-to-use application for Web Site
Management (Web Content Management System - CMS) and it is also suitable as a development framework for
Web-based solutions. In All In One Control Panel (AIOCP) version 1.3.009, a remote attacker could send specially crafted
SQL statements to the shared/code/cp_functions_downloads.php script using the download_category parameter, which
could allow the attacker to view or delete information in the back-end database.
Signature ID: 34125
AIOCP download_category SQL Injection
Threat Level: Warning
Industry ID: CVE-2007-0223 Bugtraq: 22019
Signature Description: AIOCP (All In One Control Panel) is a powerful yet easy-to-use application for Web Site
Management (Web Content Management System - CMS) and it is also suitable as a development framework for
Web-based solutions. In All In One Control Panel (AIOCP) version 1.3.009, a remote attacker could send specially crafted
SQL statements to the shared/code/cp_functions_downloads.php script using the download_category parameter, which
could allow the attacker to add or modify information in the back-end database.
Signature ID: 34126
AIOCP SQL Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0316 Bugtraq: 22032
Signature Description: All In One Control Panel versions prior to 1.3.009 are vulnerable. Input passed to the 'did'
parameter in public/code/cp_downloads.php is not properly sanitized before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code. This rule hits when SQL
SELECT or DELETE statements are passed to the vulnerable page.
Signature ID: 34127
AIOCP SQL Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0316
Bugtraq: 22032
Signature Description: AIOCP (All In One Control Panel) is a powerful yet easy-to-use application for Web Site
Management (Web Content Management System - CMS) and it is also suitable as a development framework for
Web-based solutions. All In One Control Panel versions prior to 1.3.009 are vulnerable. Input passed to the 'did' parameter in
public/code/cp_downloads.php is not properly sanitized before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code. This rule hits when SQL
TRUNCATE, UPDATE, or INSERT statements are passed to the vulnerable parameter.
Signature ID: 34128
AIOCP SQL Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0316
Bugtraq: 22032
Signature Description: AIOCP (All In One Control Panel) is a powerful yet easy-to-use application for Web Site
Management (Web Content Management System - CMS) and it is also suitable as a development framework for
Web-based solutions. All In One Control Panel versions prior to 1.3.009 are vulnerable. Input passed to the 'xuser_name'
parameter in shared/code/cp_authorization.php is not properly sanitized before being used in a SQL query. This can be