TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
913
and marketing brochures. The content managed may include computer files, image media, audio files, electronic
documents, and Web content. Anata CMS 1.0b5 is vulnerable to sql injection attack. By sending a specially crafted
request for change.php file using POST method user can inject code into form, and attacker can execute your account
with administrator privileges.
Signature ID: 35274
P2P Foxy Out of memory Exploit
Threat Level: Severe
Signature Description: Foxy is one of most popular p2p software, developed by Chinese. Foxy normally shares
user’s computer files for specific folders. P2P Foxy is vulnerable to buffer overflow ( Out of memory ) attack.
when "&fs=" in the request header to Foxy server, meet some large magic point It starts to request more memory and
will get freeze. No patch details are available as of now.
Signature ID: 35275
Asterisk "pedantic" SIP Processing Denial of Service
Threat Level: Warning
Industry ID: CVE-2008-2119
Signature Description: Asterisk is the leading open source telephony engine and tool kit. It allows a number of attached
telephones to make calls to one another, and to connect to other telephone services including the public switched
telephone network (PSTN). It will runs on Linux, NetBSD, OpenBSD, FreeBSD, Mac OS X, and Solaris. Asterisk
Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3 are vulnerable to denial
of service attack. When the "pedantic" processing is enabled, attacker can execute a NULL pointer dereference error in
the ast_uri_decode() function. This vulnerability is caused by sending a specially-crafted SIP message without a
"From" field, remote attacker could crash the vulnerable application. Vendor has provided Patches to resolve this issue.
Signature ID: 35276
Black Ice Barcode SDK BIDIB.ocx ActiveX control code execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-2683 CVE-2008-2684
Signature Description: The Black Ice Barcode Reading SDK/ActiveX toolkit is a robust and efficient library 2D
DataMatrix barcoding function. It is used for reading/decoding, searching barcodes, and detecting barcode orientation.
DataMatrix barcodes can store large amounts of data in a small symbol, up to a maximum 3,116 Digits or 2,335 ASCII
characters. Using DataMatrix barcodes, developers can eliminate database information retrieval, and can simply read
all account details from the DataMatrix barcode symbol itself. Black Ice, BIDIB.ocx 10.9.3.0 in Barcode SDK 5.01 is
vulnerable to arbitrary code execution vulnerability. BIDIB.ocx includes the insecure "DownloadImageFileURL()"
method, which can be exploited to download an arbitrary file to an arbitrary location on a vulnerable system when a
user visits malicious website, and also causes memory corruption via overly long arguments. No remedy available as of
July 6, 2008, user can set killbit to the clsid D2797899-BE27-4CDB-892F-4FDC26EA9BA9 to resolve this issue.
Signature ID: 35277
Black Ice Barcode SDK BIDIB.ocx ActiveX control code execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2683
CVE-2008-2684
Signature Description: The Black Ice Barcode Reading SDK/ActiveX toolkit is a robust and efficient library 2D
DataMatrix barcoding function. It is used for reading/decoding, searching barcodes, and detecting barcode orientation.
DataMatrix barcodes can store large amounts of data in a small symbol, up to a maximum 3,116 Digits or 2,335 ASCII
characters. Using DataMatrix barcodes, developers can eliminate database information retrieval, and can simply read
all account details from the DataMatrix barcode symbol itself. Black Ice, BIDIB.ocx 10.9.3.0 in Barcode SDK 5.01 is
vulnerable to arbitrary code execution vulnerability. BIDIB.ocx includes the insecure "DownloadImageFileURL()"
method along with hex encoded data, which can be exploited to download an arbitrary file to an arbitrary location on a