TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
exploited to manipulate SQL queries by injecting arbitrary SQL code. This signature detects attacks using SELECT or
DELETE commands.
Signature ID: 34129
AIOCP SQL Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0316
Bugtraq: 22032
Signature Description: AIOCP (All In One Control Panel) is a Web site management application (Web Content Management System - CMS) that is also suitable as a development framework for Web-based solutions. All In One Control Panel versions prior to 1.3.009 are vulnerable. Input passed to the 'xuser_name' parameter in shared/code/cp_authorization.php is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This signature detects attacks using INSERT, TRUNCATE or UPDATE commands.
Signature ID: 34130
InstantForum.NET Logon.aspx XSS Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0302
Bugtraq: 22052
Signature Description: InstantForum.NET v4.1.0 is vulnerable to cross-site scripting because the Forums-Path/Logon.aspx script does not validate the 'SessionID' parameter. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Signature ID: 34131
InstantForum.NET Members1.aspx XSS Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0302
Bugtraq: 22052
Signature Description: InstantForum.NET v4.1.0 is vulnerable to cross-site scripting because the Forums-Path/Members1.aspx script does not validate the 'Update' parameter. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Signature ID: 34132
MiNTHaberSistemi duyuru.asp SQL Injection vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0304
Bugtraq: 22030
Signature Description: MiNT Haber Sistemi is a web-based application implemented in ASP. MiNT Haber Sistemi version 2.7 is vulnerable to SQL injection. An attacker can send a request containing SQL commands, and the application does not properly validate such requests when it receives them. A remote attacker can send requests to the duyuru.asp page with "id" parameter values that could allow the attacker to view, add, modify or delete information in the back-end database. This signature detects attacks using DELETE and SELECT SQL commands in the query.
Signature ID: 34133
MiNTHaberSistemi duyuru.asp SQL Injection vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0304
Bugtraq: 22030
Signature Description: MiNT Haber Sistemi is a web-based application implemented in ASP. MiNT Haber Sistemi version 2.7 is vulnerable to SQL injection. An attacker can send a request containing SQL commands, and the application does not properly validate such requests when it receives them. A remote attacker can send requests to the duyuru.asp page