Table of Contents
Advertisement
Network and Security Manager Administration Guide
HTTP:PHP:BLACKBOARD-INC
HTTP:PHP:COOLPHP-DIRTRAV
HTTP:PHP:DFORUM-PHP-INC
HTTP:PHP:FI-DIR-TRAVERSAL
HTTP:PHP:GALLERY:EMBED-AUTH
HTTP:PHP:GALLERY:HTTP-VARS
HTTP:PHP:GALLERY:MAL-INCLUDE
HTTP:PHP:MANTIS-ARB-EXEC1
874
This signature detects attempts to exploit a vulnerability in
the admin.inc.php script that shipped as part of the
BlackBoard suite. Attackers may force the admin.inc.php
script to include and execute PHP code from a remote
source.
This signature detects directory traversal attempts against
CoolPHP. Attackers may use this exploit to execute arbitrary
scripts on the PHP server.
This signature detects attempts to exploit a vulnerability in
D-Forum. D-Forum versions 1.0 through 1.11 are vulnerable.
Attackers may exploit header.php3 and footer.php3 to
include PHP code from a remote host and execute arbitrary
commands.
This signature detects attempts to exploit a design
vulnerability in PHP/FI. Attackers may remotely access files
and directories that are readable by the Web server UID to
gather information on the local host and retrieve encrypted
user passwords on the system.
This signature detects attempts to exploit a vulnerability in
Gallery, a Web-based photo album application written in
php. Attackers may bypass user authorization to gain
administrative privileges.
This signature detects attempts to exploit a vulnerability in
Gallery, a Web-based photo management application.
Gallery uses the variables HTTP_POST_VARS,
HTTP_GET_VARS, HTTP_COOKIE_VARS, and
HTTP_POST_FILES to transfer data between pages,
including the GALLERY_BASEDIR variable. Attackers may
manually control these variables to include a malicious
setting for GALLERY_BASEDIR, enabling them to execute
arbitrary PHP code on the Gallery server with the permissions
of the HTTP server.
This signature detects attempts to exploit a vulnerability in
Gallery online photo gallery software. Attackers may inject
malicious PHP code into the software to execute operations
on the Web server.
This signature detects attempts to exploit a vulnerability in
Mantis, an open source Web-based bug tracking system.
Mantis 0.17.3 and earlier versions are vulnerable. Attackers
may send a maliciously crafted URL to cause the Web server
to download PHP code from a remote server, allowing the
attacker to execute arbitrary code with the permissions of
the user that is running the Web server daemon.
high
sos5.1.0
medium
sos5.1.0
high
sos5.0.0,
sos5.1.0
medium
sos5.0.0,
sos5.1.0
high
sos5.0.0,
sos5.1.0
high
sos5.1.0
medium
sos5.0.0,
sos5.1.0
medium
sos5.0.0
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008