Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 926

Network and Security Manager Administration Guide
HTTP:PHP:PHPBB:SEARCH-INJECT
This signature detects attempts to exploit a vulnerability in phpBB, an open-source bulletin board package. The search_id parameter in phpBB is vulnerable to SQL injection. Attackers may query private data (such as hashed passwords) then embed the password in a cookie to gain administrative access to the Web site.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:PHP:PHPDIG-FILE-INC
This signature detects attempts to exploit a vulnerability in PhpDig 1.6. Attackers may include a malicious 'relative_script_path' parameter in a direct request to the config.php script; this request causes the server to download PHP code from a remote location and execute it. Attackers may execute arbitrary code on the server with the permissions of the Web server.
Severity: high
Versions: sos5.1.0

HTTP:PHP:PHPLIB-REMOTE-EXEC
This signature detects attempts to exploit a vulnerability in PHPLIB, a code library that provides support for managing sessions in Web applications. Attackers may remotely submit maliciously crafted Web requests to cause the application to fetch and execute scripts from another host, allowing local access to the Web server.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:PHP:PHPMYADMIN:SVR-PARAM
This signature detects attempts to exploit a vulnerability in phpMyAdmin. Attackers may use HTTP form parameters to remotely provide MySQL server configuration data. This attack is typically one stage in a multi-stage exploit attempt.
Severity: medium
Versions: sos5.1.0

HTTP:PHP:PHPNUKE:CID-SQL-INJECT
This signature detects attempts to exploit a vulnerability in PHP-Nuke. Attackers may execute arbitrary SQL commands on a Web server.
Severity: medium
Versions: sos5.1.0

HTTP:PHP:PHPNUKE:MODULES-DOS
This signature detects attempts to exploit a SQL injection vulnerability in the modules.php script that ships with PHPNuke. PHPNuke 6.0 and earlier are vulnerable. Attackers may produce a process that increases system load on the server, making it unusable until the process is killed.
Severity: medium
Versions: sos5.0.0, sos5.1.0

HTTP:PHP:PHPROJEKT-INC
This signature detects attempts to exploit a vulnerability in the authform.inc.php script included in the PHProjekt package. Attackers may supply a remote location in the 'path_pre' input parameter to force the target to download and execute arbitrary PHP code from the remote location.
Severity: medium
Versions: sos5.1.0

HTTP:PHP:PHPWEB-REMOTE-FILE
This signature detects attempts to exploit a vulnerability in phpWebsite. Versions 0.8.2 and earlier are vulnerable. Attackers may specify a remote file location for file inclusion to cause phpWebsite to execute arbitrary PHP code; attackers may execute commands with HTTP daemon user permissions.
Severity: high
Versions: sos5.0.0, sos5.1.0

HTTP:PHP:PMACHINE-INCLUDE
This signature detects attempts to exploit a vulnerability in pMachine, an online publishing application. pMachine version 2.2.1 and other versions are vulnerable. Attackers may send a malicious HTTP request to force the pMachine Web server to execute PHP code from a remote server; commands are executed with Web server privileges.
Severity: high
Versions: sos5.0.0, sos5.1.0

Copyright © 2010, Juniper Networks, Inc.
