Search

Traffic File Update - December 2009

This Traffic IQ Professional update for December 2009 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for December 2009

50 Application Exploits

3Com OfficeConnect ADSL Wireless 11g Firewall Router DoS Vulnerability S
Adobe Acrobat Reader Remote Code Execution (CVE-2009-3459) (gen_shell_bind_tcp) S
Adobe Acrobat Reader Remote Code Execution (CVE-2009-3459) (gen_shell_reverse_tcp) S
Adobe Acrobat Reader Remote Code Execution (CVE-2009-3459) (win_exec) S
Adobe Acrobat Reader Remote Code Execution (CVE-2009-3459) (win_shell_reverse_ord_tcp) S
Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability S
Codesighs 'sscanf()' Remote Buffer Overflow Vulnerability S
Compress Raw Zlib for Perl 'inflate()' Off-by-one Overflow Vulnerability S
Corel Paint Shop Pro PNG File Handling Remote Buffer Overflow (bindshell) S
Corel Paint Shop Pro PNG File Handling Remote Buffer Overflow (logoff) S
Corel Paint Shop Pro PNG File Handling Remote Buffer Overflow (Win_addUser) S
Corel Paint Shop Pro PNG File Handling Remote Buffer Overflow (win_exec) S
Ghostscript 'errprintf()' Data Processing Buffer Overflow Vulnerability S
HP Application Recovery Manager Buffer Overflow (win_exec) S
HP Application Recovery Manager Buffer Overflow (win_shell_bind_tcp) S
HP Application Recovery Manager Buffer Overflow (win_shell_reverse_ord_tcp) S
HP Application Recovery Manager Buffer Overflow (win_shell_reverse_tcp) S
HP OpenView NNM 'ovalarm.exe' Remote Buffer Overflow Vulnerability S
HTTP APC Switched Rack PDU AP7932 Login Page Cross Site Scripting S
HTTP Barracuda Web Application Firewall 660 'index.cgi' HTML Injection Vulnerability S
HTTP cPanel 'fileop' Parameter Handling Cross Site Scripting Vulnerability S
HTTP DAZ Studio Scripting Support Remote Command Execution Vulnerability S
HTTP Digital Scribe Multiple SQL Injection Vulnerabilities S
HTTP Horde 'cmdshell.php' Cross-Site Scripting Vulnerability S
HTTP Horde 'phpshell.php' Cross-Site Scripting Vulnerability S
HTTP Horde 'sqlshell.php' Cross-Site Scripting Vulnerability S
HTTP Joomla YouHostit Template Cross-Site Scripting Vulnerability S
HTTP Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability S
HTTP Piwik 'ofc_upload_image.php' Arbitrary File Creation Vulnerability S
HTTP Ruby on Rails 'protect_from_forgery' Cross Site Request Forgery Vulnerability S
HTTP SAP AG SAPgui 'sapirrfc.dll' Remote Buffer Overflow Vulnerability_1 S
HTTP WP-Forum WordPress Plugin 'editpost' SQL Injection Vulnerability S
HTTP WP-Forum WordPress Plugin 'viewforum' SQL Injection Vulnerability S
HTTP WP-Forum WordPress Plugin 'viewtopic' SQL Injection Vulnerability S
HTTP Yoast Google Analytics for WordPress Cross Site Scripting Vulnerability S
HTTP Yoast Google Analytics for WordPress Cross Site Scripting Vulnerability_1 S
Kingsoft Internet Security ARJ Archive Processing Denial of Service S
Kingsoft Internet Security CAB Archive Processing Denial of Service S
libmodplug 's3m' Remote Buffer Overflow Vulnerability S
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability S
MPlayer Ogg Media (OGM) File Remote Denial of Service Vulnerability S
OSSIM 'uniqueid' Parameter Multiple Remote Command Execution Vulnerabilities S
OSSIM 'uniqueid' Parameter Multiple Remote Command Execution Vulnerabilities_1 S
OSSIM 'uniqueid' Parameter Multiple Remote Command Execution Vulnerabilities_2 S
OSSIM 'uniqueid' Parameter Multiple Remote Command Execution Vulnerabilities_3 S
OSSIM 'uniqueid' Parameter Multiple Remote Command Execution Vulnerabilities_4 S
Symantec Products AeXNSConsoleUtilities Buffer Overflow Vulnerability S
Symantec Products AeXNSConsoleUtilities Buffer Overflow Vulnerability_1 S
TFTP Server Packet Handling Remote Buffer Overflow Vulnerability S
TFTP Server Packet Handling Remote Buffer Overflow Vulnerability_1 S

5 Evasions

Evasion HTML javascript escape (for CVE-2009-3033) S
Evasion HTML unicode (utf-16le) (for CVE-2009-3033) S
Evasion HTTP chunked (for CVE-2009-3033) S
Evasion HTTP Headers Folding (for CVE-2009-3033) S
Evasion HTTP junk headers (for CVE-2009-3033) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.