Search

Traffic File Update - October 2009

This Traffic IQ Professional update for October 2009 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for October 2009

49 Application Exploits

Adobe Reader and Acrobat (CVE-2009-2994) U3D 'CLODMeshDeclaration' Buffer Overflow S
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution S
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution_1 S
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution_2 S
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution_3 S
Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution_4 S
Cerberus FTP Server Long Command Remote Denial of Service Vulnerability S
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability S
EMC Captiva PixTools Distributed Imaging Insecure Method Vulnerabilities S
FlexCell Grid Control Multiple Arbitrary File Overwrite Vulnerabilities S
Foxit Reader Firefox Plugin Memory Corruption Vulnerability S
Foxit Reader Firefox Plugin Memory Corruption Vulnerability_1 S
FTP BulletProof Client Malformed '.bps' File Stack Buffer Overflow Vulnerability S
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability S
HTTP Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability S
HTTP AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities S
HTTP Alkacon OpenCms Multiple Input Validation Vulnerabilities S
HTTP AOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability S
HTTP Black Ice Printer Driver Resource Toolkit Remote Vulnerabilities S
HTTP Black Ice Printer Driver Resource Toolkit Remote Vulnerabilities_1 S
HTTP HP LoadRunner 'MakeHttpRequest()' Arbitrary File Download Vulnerability S
HTTP Interspire Knowledge Manager 'p' Parameter Directory Traversal Vulnerability S
HTTP Juniper Networks JUNOS J-Web XSS And HTML Injection Vulnerabilities S
HTTP Juniper Networks JUNOS J-Web XSS And HTML Injection Vulnerabilities_1 S
HTTP Juniper Networks JUNOS J-Web XSS And HTML Injection Vulnerabilities_2 S
HTTP KeyWorks KeyHelp Module 'keyhelp.ocx' Remote Buffer Overflow Vulnerability S
HTTP Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities S
LPD Xlpd Remote Bufer Overflow Vulnerability S
Microsoft SharePoint Team Services Source Code Information Disclosure S
Microsoft SharePoint Team Services Source Code Information Disclosure_1 S
Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability S
NaviCOPA Source Code Information Disclosure Vulnerability S
NaviCOPA Source Code Information Disclosure Vulnerability_1 S
nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability S
Novell eDirectory 'dconserv.dlm' Cross-Site Scripting Vulnerability S
Pegasus Mail POP3 Response Remote Buffer Overflow Vulnerability S
SAP Business One License Manager Buffer Overflow (gen_shell_bind_tcp) S
SAP Business One License Manager Buffer Overflow (win_add_user) S
SAP Business One License Manager Buffer Overflow (win_exec) S
Symantec Multiple Prod Intel Alert Originator Service Stack Overflow (win_add_user) S
Symantec Multiple Prod Intel Alert Originator Service Stack Overflow (win_exec) S
Symantec Multiple Prod Intel Alert Originator Service Stack Overflow (win_shell_bind_tcp) S
Symantec Multiple Prod Intel Alert Originator Service Stack Overflow (win_shell_reverse_tcp) S
W3C Amaya XML and HTML Parser Multi Buffer Overflow Vulnerabilities (generic_debug_trap) S
W3C Amaya XML and HTML Parser Multi Buffer Overflow Vulnerabilities (gen_shell_bind_tcp) S
W3C Amaya XML and HTML Parser Multi Buffer Overflow Vulnerabilities (gen_shell_reverse_tcp) S
W3C Amaya XML and HTML Parser Multi Buffer Overflow Vulnerabilities (win_exec) S
Xpdf Integer Overflow Vulnerability S
Xpdf NULL-Pointer Dereference Vulnerability S

6 Evasions

Evasion HTML javascript escape (for CVE-2009-0323) S
Evasion HTML unicode (utf-16be) (for CVE-2009-0323) S
Evasion HTML unicode (utf-16le) (for CVE-2009-0323) S
Evasion HTTP chunked (for CVE-2009-0323) S
Evasion HTTP Header Folding (for CVE-2009-1136)_1 S
Evasion HTTP junk headers (for CVE-2009-0323) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.