
Traffic File Update - August 2009

This Traffic IQ Professional update for August 2009 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for August 2009

47 Application Exploits

BlazeDVD Professional '.PLF' File Remote Buffer Overflow S
BlazeDVD Professional '.PLF' File Remote Buffer Overflow_1 S
Compface '.xbm' File Remote Buffer Overflow Vulnerability S
Compface '.xbm' File Remote Buffer Overflow Vulnerability_1 S
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability S
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability_1 S
Firebird 'op_connect_request' Remote Denial Of Service Vulnerability S
FTP ProFTP 2.9 Banner Remote Code Execution Vulnerability (win_exec) S
FTP ProFTP 2.9 Banner Remote Code Execution Vulnerability (win_shell_bind_tcp) S
FTP ProFTP 2.9 Banner Remote Code Execution Vulnerability (win_shell_reverse_ord_tcp) S
FTP ProFTP 2.9 Banner Remote Code Execution Vulnerability (win_shell_reverse_tcp) S
Google SketchUp '.skp' File Remote Buffer Overflow Vulnerability S
HTTP Adobe ColdFusion 'cfadminpassword.cfm' HTML Injection Vulnerability S
HTTP Adobe ColdFusion 'enter.cfm' HTML Injection Vulnerability S
HTTP Adobe ColdFusion 'searchlog.cfm' HTML Injection Vulnerability S
HTTP Adobe ColdFusion '_authenticatewizarduser.cfm' HTML Injection Vulnerability S
HTTP Adobe ColdFusion '_logintowizard.cfm' HTML Injection Vulnerability S
HTTP Adobe Flex SDK 'index.template.html' Cross Site Scripting Vulnerability S
HTTP Adobe JRun 'logviewer.jsp' Directory Traversal Vulnerability S
HTTP Alkacon OpenCms Cross-Site Scripting Vulnerabilities S
HTTP CA SiteMinder Cross Site Scripting Protection Security Bypass Vulnerability S
HTTP CA SiteMinder Unicode Cross Site Scripting Protection Security Bypass Vulnerability S
HTTP Microsoft Internet Explorer 8 Denial of Service Vulnerability S
HTTP Netgear WNR2000 Multiple Information Disclosure and Security Bypass Vulnerabilities S
HTTP Netgear WNR2000 Multiple Information Disclosure and Security Bypass Vulnerabilities_1 S
HTTP Netgear WNR2000 Multiple Information Disclosure and Security Bypass Vulnerabilities_2 S
HTTP ntop 'checkHTTPpassword()' Remote Denial of Service Vulnerability S
HTTP SQLiteManager 'main.php' Cross Site Scripting Vulnerability S
HTTP SupportPRO SupportDesk Cross-Site Scripting Vulnerability S
HTTP WordPress 'wp-admin and admin.php' Module Conf Security Bypass Vulnerabilities S
HTTP WordPress 'wp-admin and admin.php' Module Conf Security Bypass Vulnerabilities_1 S
HTTP WordPress 'wp-admin and admin.php' Module Conf Security Bypass Vulnerabilities_2 S
HTTP WordPress 'wp-admin and admin.php' Module Conf Security Bypass Vulnerabilities_3 S
JetAudio M3U Playlist Handling Denial of Service Vulnerability S
JetAudio M3U Playlist Handling Denial of Service Vulnerability_1 S
JetAudio M3U Playlist Handling Denial of Service Vulnerability_2 S
JetAudio M3U Playlist Handling Remote Command Execution Vulnerability S
JetAudio M3U Playlist Handling Remote Command Execution Vulnerability_1 S
JetAudio M3U Playlist Handling Remote Command Execution Vulnerability_2 S
JetAudio M3U Playlist Handling Remote Command Execution Vulnerability_3 S
Kaspersky Products URI Parsing Denial of Service Vulnerability S
Microsoft Internet Explorer 'li' Element Denial of Service Vulnerability S
Microsoft Internet Explorer 'li' Element Denial of Service Vulnerability_1 S
Microsoft Windows Embedded OpenType Font Engine Denial of Service S
SAP Business One License Manager 'NT_Naming_Service.exe' Buffer Overflow S
UltraPlayer Malformed '.usk' Playlist File Buffer Overflow Vulnerability S
WebKit Floating Point Number Remote Buffer Overflow Vulnerability S

4 Evasions

Evasion HTTP Header Folding (for CVE-2009-2732) S
Evasion HTTP Method Random Case (for CVE-2009-2732) S
Evasion HTTP Pad Fake Headers (for CVE-2009-2732) S
Evasion HTTP Pad Method URI Count (for CVE-2009-2732) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
