TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

841

842

843

844

845

846

847

848

849

850

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

845

the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an

affected site.

Signature ID: 34815

SmE FileMailer index.php SQL Injection Vulnerability

Threat Level: Warning

Industry ID: CVE-2007-0339

Signature Description: SMe FileMailer is a script based on php which allow visitors to submit their name and email

address in order to retrieve a file from your site. Features like administration online, stop leeching and third party

linking, records the name/email/url address, visitors must give a valid email address to get a file are available. SmE

FileMailer 1.21 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the

index.php script using the ps parameters, which could allow the attacker to view, add, modify or delete information in

the back-end database.

Signature ID: 34816

SmE FileMailer index.php SQL Injection Vulnerability

Threat Level: Warning

Industry ID: CVE-2007-0346

Signature Description: SMe FileMailer is a script based on php which allow visitors to submit their name and email

address in order to retrieve a file from your site. Features like administration online, stop leeching and third party

linking, records the name/email/url address, visitors must give a valid email address to get a file are available. SmE

FileMailer 1.21 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the

index.php script using the us parameters, which could allow the attacker to view, add, modify or delete information in

the back-end database.

Signature ID: 34817

HTTP PhpBB XS BB_Usage_Stats.PHP File Include Vulnerability

Threat Level: Severe

Industry ID: CVE-2006-4893 Bugtraq: 20046

Signature Description: PhpBB is the worlds leading Open Source flat style discussion forum software. It includes all

the features you expect to find in todays top of the line software. PHP remote file inclusion vulnerability in

bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary

PHP code via a URL in the phpbb_root_path parameter.

Signature ID: 34818

HTTP PhpBB XS phpbb_root_path File Include Vulnerability

Threat Level: Severe

Industry ID: CVE-2006-4780

Bugtraq: 22283,19961

Signature Description: PhpBB is the worlds leading Open Source flat style discussion forum software. It includes all

the features you expect to find in todays top of the line software. PHP remote file inclusion vulnerability in

includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL

in the phpbb_root_path parameter.

Signature ID: 34819

HTTP e-Ark (cfg_pear_path) File Inclusion Vulnerability

Threat Level: Warning

Industry ID: CVE-2006-6086 Bugtraq: 21224

Signature Description: E-Ark aims at providing a diocese and its churchs with the online tools to efficiently manage

the data for its parishioners and provide best service and care for them. e-Ark will be developed using