TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
976
Signature ID: 35584
E-vision cms addtour.php module parameter Local File Inclusion vulnerability
Threat Level: Warning
Bugtraq: 32180
Signature Description: E-Vision CMS is a PHP-based content manager.e-Vision CMS is Web Content Management
System written in PHP, with MySQL database backend. It runs on Linux and Windows (with Apache). The e-Vision
CMS powered website can be designed and used with no technical background. The application is prone to multiple
local file-include vulnerabilities because it fails to properly sanitize user-supplied input to the 'module' parameter of the
/modules/tour/adminpart/addtour.php? script. An attacker can exploit these vulnerabilities using directory-traversal
strings to view local files and execute local scripts within the context of the web server process. A successful attack can
allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of
the vulnerable server. e-Vision CMS 2.0.2 is vulnerable, other versions may also be affected.
Signature ID: 35585
E-vision cms addarticles.php module parameter Local File Inclusion vulnerability
Threat Level: Warning
Bugtraq: 32180
Signature Description: E-Vision CMS is a PHP-based content manager.e-Vision CMS is Web Content Management
System written in PHP, with MySQL database backend. It runs on Linux and Windows (with Apache). The e-Vision
CMS powered website can be designed and used with no technical background. The application is prone to multiple
local file-include vulnerabilities because it fails to properly sanitize user-supplied input to the 'module' parameter of the
/modules/articles/adminpart/addarticles.php? script. An attacker can exploit these vulnerabilities using directory-
traversal strings to view local files and execute local scripts within the context of the web server process. A successful
attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the
context of the vulnerable server. e-Vision CMS 2.0.2 is vulnerable, other versions may also be affected.
Signature ID: 35586
E-vision cms addproduct.php module parameter Local File Inclusion vulnerability
Threat Level: Warning
Bugtraq: 32180
Signature Description: E-Vision CMS is a PHP-based content manager.e-Vision CMS is Web Content Management
System written in PHP, with MySQL database backend. It runs on Linux and Windows (with Apache). The e-Vision
CMS powered website can be designed and used with no technical background. The application is prone to multiple
local file-include vulnerabilities because it fails to properly sanitize user-supplied input to the 'module' parameter of the
/modules/product/adminpart/addproduct.php? script. An attacker can exploit these vulnerabilities using directory-
traversal strings to view local files and execute local scripts within the context of the web server process. A successful
attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the
context of the vulnerable server. e-Vision CMS 2.0.2 is vulnerable, other versions may also be affected.
Signature ID: 35587
E-vision cms addplain.php module parameter Local File Inclusion vulnerability
Threat Level: Warning
Bugtraq: 32180
Signature Description: E-Vision CMS is a PHP-based content manager.e-Vision CMS is Web Content Management
System written in PHP, with MySQL database backend. It runs on Linux and Windows (with Apache). The e-Vision
CMS powered website can be designed and used with no technical background. The application is prone to multiple
local file-include vulnerabilities because it fails to properly sanitize user-supplied input to the 'module' parameter of the
/modules/plain/adminpart/addplain.php? script. An attacker can exploit these vulnerabilities using directory-traversal
strings to view local files and execute local scripts within the context of the web server process. A successful attack can