TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
89
Signature ID: 608
Cobalt RaQ4 Administrative Interface Command Execution Vulnerability
Threat Level: Information
Industry ID: CVE-2002-1361
Bugtraq: 6326 Nessus: 11190
Signature Description: The Cobalt RaQ 4 is a server appliance that provide a dedicated Web-hosting platform and
offers new capabilities for high-traffic, complex Web sites and e-commerce applications. The Cobalt RaQ 4 server
appliance with the Security Hardening Package(SHP) could allow a remote or local attacker to execute arbitrary
commands on the system, caused by improper validation of the email variable by the overflow.cgi script. The issue
triggered when an attacker could send arbitrary commands to the email variable using a POST request to the
overflow.cgi script, an attacker can use this vulnerability to execute arbitrary commands on the system.
Signature ID: 609
WEB-CGI smartsearch.cgi access vulnerability
Threat Level: Information
Bugtraq: 7133
Signature Description: Smart Search is a CGI search engine. This is a feature of our digital video recorders that allows
you to search for changes in a particular area of an image. Smart Search(Smart Search version 4.25.0) "pay-per-click"
search engine software contains a vulnerability that allows code execution using a specially-crafted URL. Using the
"keywords" parameter accepted by smartsearch.cgi, an attacker can pass arbitrary Perl code to the web server, which
will then attempt to execute it.
Signature ID: 610
Access to Moreover.com CGI File cached_feed.cgi vulnerability
Threat Level: Information
Industry ID: CVE-2000-0906 Bugtraq: 1762
Signature Description: The cached_feed CGI supplied by Moreover.com is used to retrieve new headlines from the
Moreover.com site, and then store them for retrieval and display within your own local web site. Cached_feed,
Moreover.com, cached_feed version 1.0, is a directory traversal vulnerability in Moreover.com. The issue is triggered
when an attacker submitting a specially-crafted URL containing "dot dot"(/../) sequences to the cached_feed CGI script,
an attacker can use this vulnerability to read files and directories on the web server. The issue is fixed in the version
cached_feed 2.0 or later. Update this version for removing this issue, which available at vendor's web site.
Signature ID: 611
Snitz Forums 2000 Register.ASP SQL Injection Vulnerability
Threat Level: Information
Industry ID: CVE-2003-0286 Bugtraq: 7549 Nessus: 11621
Signature Description: Snitz Forums is an Active Server Page (asp) application running on Microsoft Internet
Information Server. Snitz Forums(Snitz Forums 2000 version 3.3.03) is a SQL injection vulnerability, caused by
improper validation of user-supplied input by the register.asp script. A remote attacker could passing malicious SQL
commands to the register.asp script using the "Email" variable, which would allow the attacker to gain sensitive
information in the database, modify data, and execute stored procedures.
Signature ID: 612
WEB-IIS MS BizTalk server access vulnerability
Threat Level: Information
Industry ID: CVE-2003-0117
Bugtraq: 7469 Nessus: 11638
Signature Description: Microsoft BizTalk Server is a Microsoft product business-process automation and application
integration both within and between businesses. Microsoft BizTalk Server 2002 is a buffer overflow vulnerability,
caused by improper bounds checking in the HTTP Receiver component. The HTTP Receiver component is used as an