Search

Traffic File Update - May 2010

This Traffic IQ Professional update for May 2010 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for May 2010

50 Application Exploits

Adobe Shockwave Player DIR File Parsing Remote Code Execution Vulnerability S
Apache mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability S
BigAnt Office Messenger 'AntCore.dll' Heap Buffer Overflow Vulnerability S
Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness S
DJ Studio Pro '.pls' File Remote Buffer Overflow Vulnerability S
ESET Smart Security and NOD32 Antivirus Buffer Overflow Vulnerability S
FTP Trellian 'PASV' Remote Buffer Overflow Vulnerability (gen_shell_bind_tcp) S
FTP Trellian 'PASV' Remote Buffer Overflow Vulnerability (win_exec) S
FTP Xftp 'PWD' Response Buffer Overflow Vulnerability (gen_shell_reverse_tcp) S
FTP Xftp 'PWD' Response Buffer Overflow Vulnerability (win_exec) S
FTP Xftp 'PWD' Response Buffer Overflow Vulnerability (win_shell_bind_tcp) S
FTP Xftp 'PWD' Response Buffer Overflow Vulnerability (win_shell_reverse_ord_tcp) S
HP OpenView Network Node Manager 'Oid' Buffer Overflow Vulnerability S
HP OpenView Network Node Manager 'OvWebHelp.exe' Heap Buffer Overflow Vulnerability S
HTML U.S.Robotics USR5463 Firmware 'setup_ddns.exe' HTML Injection Vulnerability S
HTTP 3Com Intelligent Management Center Directory Traversal S
HTTP 3Com Intelligent Management Center Multiple Cross-Site Scripting S
HTTP 3Com Intelligent Management Center Multiple Cross-Site Scripting_1 S
HTTP 3Com Intelligent Management Center Multiple Information disclosure S
HTTP 3Com Intelligent Management Center Multiple Information disclosure_1 S
HTTP Apache ActiveMQ 'queueBrowse' Cross Site Scripting Vulnerability S
HTTP Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability S
HTTP Apple Safari 'window.parent.close()' Invalid Pointer Vulnerability S
HTTP Apple Safari CSS 'img' Data Remote Denial Of Service Vulnerability S
HTTP Attachmate Reflection X 'ControlID' Buffer Overflow Vulnerability S
HTTP BaoFeng Storm2012 M3U File Buffer Overflow Vulnerability S
HTTP Consona Products 'n6plugindestructor.asp' Cross Site Scripting S
HTTP Consona Products 'n6plugindestructor.asp' Cross Site Scripting_1 S
HTTP Rumba FTP Client 'FTPSFtp.dll' Buffer Overflow Vulnerability S
HTTP VMware View URL Processing Cross-site Scripting Vulnerability S
HTTP WebMoney Advisor 'wmadvisor.dll' Buffer Overflow Vulnerability S
Hyplay '.asx' File Remote Denial of Service Vulnerability S
Maple .maplet File Arbitrary Command Execution (gen_shell_bind_tcp) S
Maple .maplet File Arbitrary Command Execution (gen_shell_reverse_tcp) S
Maple .maplet File Arbitrary Command Execution (win_exec) S
Maple .maplet File Arbitrary Command Execution (win_shell_reverse_ord_tcp) S
Microsoft IE 'Tabular Data Control' Remote Code Execution Vulnerability_1 S
Microsoft Outlook Express And Windows Mail Common Library Integer Overflow S
Microsoft Paint JPEG Image Processing Integer Overflow Vulnerability (MS10-005) S
Microsoft SharePoint Server 2007 'help.aspx' Cross Site Scripting S
RealNetworks Helix Server Buffer Overflow (win_adduser) S
RealNetworks Helix Server Buffer Overflow (win_exec) S
RealNetworks Helix Server Buffer Overflow (win_shell_bind_tcp) S
RealNetworks Helix Server Buffer Overflow (win_shell_reverse_ord_tcp) S
RealNetworks Helix Server Buffer Overflow (win_shell_reverse_tcp) S
RealVNC 4.1.3 'ClientCutText' Message Remote Denial of Service S
SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability S
TeamViewer Remote Buffer Overflow Vulnerability S
TFTP SolarWinds Server 'Read' Request Denial Of Service Vulnerability S
TFTP TFTPUtil GUI Long Transport Mode Buffer Overflow Vulnerability S

5 Evasions

Evasion HTML javascript escape (for CVE-2010-0805) S
Evasion HTML unicode (utf-16le) (for CVE-2010-0805) S
Evasion HTTP chunked (for CVE-2010-0805) S
Evasion HTTP Header Folding (for CVE-2010-0805) S
Evasion HTTP junk headers (for CVE-2010-0805) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.