Traffic File Update - April 2009

This Traffic IQ Professional update for April 2009 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

48 Application Exploits

Abee Chm Maker Project File 'chmprj' Processing Remote Code Execution S
Abee Chm Maker Project File 'cmp' Processing Remote Code Execution S
HTTP Apache Geronimo Application Server Directory Traversal Vulnerability S
HTTP Apache Geronimo Application Server Directory Traversal Vulnerability_1 S
HTTP Apache mod_perl 'Apache Status' and 'Apache2 Status' Cross Site Scripting S
HTTP Apple Safari XML Parser Nested XML Tag Remote Denial of Service S
HTTP DiViS-Web DVR System 'AddSiteEx()' Buffer Overflow Vulnerability S
HTTP E-Book Systems FlipViewer Remote Buffer Overflow (win_exec) S
HTTP E-Book Systems FlipViewer Remote Buffer Overflow (win_shell_bind_tcp) S
HTTP IBM BladeCenter Advanced Management Module Cross-Site Request Forgery S
HTTP IBM BladeCenter Advanced Management Module Cross-Site Scripting S
HTTP IBM BladeCenter Advanced Management Module Information Disclosure Vulnerability S
HTTP IBM Tivoli Continuous Data Protection for Files Cross Site Scripting S
HTTP IBM WebSphere Application Server Administrative Console Cross Site Scripting S
HTTP IBM WebSphere Application Server Administrative Console Cross Site Scripting_1 S
HTTP IBM WebSphere Application Server Sample Application Cross Site Scripting S
HTTP IBM WebSphere JAX-WS Web Services MTOM Sample XSS vulnerability S
HTTP IBM WebSphere JAX-WS Web Services Ping and Echo Sample XSS Vulnerability S
HTTP Microsoft Internet Explorer 'EMBED' Tag Remote Code Execution (MS09-014) S
HTTP Mozilla Firefox XUL Parser Start Tags Denial of Service Vulnerability S
HTTP Mozilla Firefox _moveToEdgeShift() Memory Corruption Vulnerability S
HTTP Opera XML Parser Remote Denial of Service Vulnerability S
HTTP PrecisionID Data Matrix Barcode Arbitrary File Overwrite Vulnerability S
HTTP SAP AG SAPgui EAI WebViewer3D Remote Buffer Overflow (win_exec) S
HTTP SAP AG SAPgui EAI WebViewer3D Remote Buffer Overflow (win_shell_bind_tcp) S
HTTP SAP AG SAPgui EAI WebViewer3D Remote Buffer Overflow (win_shell_reverse_tcp) S
HTTP SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting S
HTTP SAP MaxDB 'webdbm' Cross Site Scripting Vulnerability S
HTTP SAP MaxDB 'webdbm' Cross Site Scripting Vulnerability_1 S
HTTP SAP MaxDB 'webdbm' Cross Site Scripting Vulnerability_2 S
HTTP Sun Java System Calendar Server 'command.shtml' Cross Site Scripting S
HTTP Sun Java System Calendar Server 'login.wcap' Cross Site Scripting S
HTTP Sun Java System Calendar Server Duplicate URI Request Denial of Service S
HTTP SWF Opener Buffer Overflow Vulnerability S
IBM DB2 Data Stream Processing Denial of Service S
Microsoft Windows Media Player MIDI File Denial of Service Vulnerability S
Microsoft Windows Media Player MIDI File Denial of Service Vulnerability_1 S
Microsoft Windows Media Player WAV File Multiple DoS Vulnerabilities S
Microsoft Windows Media Player WAV File Multiple DoS Vulnerabilities_1 S
Microsoft Windows Media Player WAV File Multiple DoS Vulnerabilities_2 S
Microsoft Word Bulleted List Handling Memory Corruption Vulnerability (MS09-010) S
Microsoft Word Bulleted List Handling Memory Corruption Vulnerability (MS09-010)_1 S
Microsoft Word Bulleted List Handling Memory Corruption Vulnerability (MS09-010)_2 S
Microsoft Word Bulleted List Handling Memory Corruption Vulnerability (MS09-010)_3 S
UltraISO '.ui' ISO Project File Buffer Overflow Vulnerability S
UltraISO CCD File Buffer Overflow Vulnerability S
UltraISO IMG File Buffer Overflow Vulnerability S
Unsniff Network Analyzer '.usnf' File Heap-Based Buffer Overflow S

6 Evasions

Evasion HTML base64 (random_space_injection) (for CVE-2007-4475) S
Evasion HTML javascript escape (for CVE-2007-2919) S
Evasion HTML unicode (utf-16le) (for CVE-2007-4475) S
Evasion HTTP chunked (for CVE-2007-2919) S
Evasion HTTP Header Folding (for CVE-2007-2919) S
Evasion HTTP junk headers (for CVE-2007-2919) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.