Search

Traffic File Update - October 2010

This Traffic IQ Professional update for October 2010 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for October 2010

51 Application Exploits

Altova DatabaseSpy '.qprj' File Buffer Overflow Vulnerability S
Digital Music Pad '.pls' Remote Buffer Overflow (win_exec) S
Digital Music Pad '.pls' Remote Buffer Overflow (win_shell_bind_tcp) S
Digital Music Pad '.pls' Remote Buffer Overflow (win_shell_bind_tcp_xpfw) S
Digital Music Pad '.pls' Remote Buffer Overflow (win_shell_reverse_ord_tcp) S
Digital Music Pad '.pls' Remote Buffer Overflow (win_shell_reverse_tcp) S
Disk Pulse Server 'GetServerInfo' Remote Buffer Overflow Vulnerability S
HTTP Adobe Shockwave Player 'rcsL' Chunk Memory Corruption Vulnerability S
HTTP AudioPLUS Playlist File Processing Buffer Overflow Vulnerability S
HTTP AudioPLUS Playlist File Processing Buffer Overflow Vulnerability_1 S
HTTP Firefox SeaMonkey & Thunderbird 'document.write' Vulnerability S
HTTP Intellicom Netbiter webSCADA Products Local File Disclosure S
HTTP Intellicom Netbiter webSCADA Products Remote Code Execution S
HTTP Intellicom Netbiter webSCADA Products Users Information Disclosure S
HTTP iWorkstation Playlist Processing Buffer Overflow Vulnerability S
HTTP Mozilla Firefox (CVE-2010-3765) Remote Buffer Overflow Vulnerability S
HTTP Mozilla Firefox (CVE-2010-3765) Remote Buffer Overflow Vulnerability_1 S
HTTP Platinum UPnP Library Post UPnP Buffer Overflow Vulnerability S
HTTP SquirrelMail Virtual Keyboard Plugin 'vkeyboard.php' Cross Site Scripting S
HTTP SurgeMail SurgeWeb 'username_ex' Cross-Site Scripting Vulnerability S
HTTP VLC Media Player Mozilla Multimedia Plug-in Remote Code Execution S
HTTP Zen Cart Multiple Input Validation Vulnerabilities S
IBM Tivoli Access Manager for e-business 'acl' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'domain' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'group' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'gso' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'gsogroup' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'os' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'parm1' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'pop' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'rule' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'user' Cross Site Scripting S
IBM Tivoli Access Manager for e-business 'webseal' Cross Site Scripting S
Microsoft DRM 'msnetobj.dll' Memory Corruption Vulnerability S
Microsoft Excel 2002 Memory Corruption Vulnerability S
Microsoft Excel OBJ Record Stack Overflow Remote Code Execution (MS10-038) S
Microsoft Excel WOPT Record Parsing Memory Corruption Vulnerability (MS10-038) S
Microsoft IE CSS Handling Cross Domain Information Disclosure Vulnerability (MS10-071) S
Microsoft IIS Repeated Parameter Request Denial of Service (MS10-065) S
Microsoft MPEG Layer-3 Audio Decoder Divide-By-Zero Denial of Service Vulnerability S
Microsoft Paint Memory Corruption Denial Of Service Vulnerability S
Microsoft Windows and Office Uniscribe Font Parsing Vunlerability (MS10-063) S
Microsoft Windows Media Player CVE-2010-2745 Remote Code Execution Vulnerability S
Oracle Java SE and Java for Business CVE-2010-3552 Remote New Java Plug-in Vulnerability S
Trend Micro Internet Sec Pro 2010 'extSetOwner' Remote Code Exe (win_exec) S
Trend Micro Internet Sec Pro 2010 'extSetOwner' Remote Code Exe (win_shell_bind_tcp) S
Trend Micro Internet Sec Pro 2010 'extSetOwner' Remote Code Exe (win_shell_bind_tcp_xpfw) S
Trend Micro Internet Sec Pro 2010 'extSetOwner' Remote Code Exe (win_shell_reverse_ord_tcp) S
Trend Micro Internet Sec Pro 2010 'extSetOwner' Remote Code Exe (win_shell_reverse_tcp) S
Visual Synapse HTTP Server Directory Directory Traversal Vulnerability S
Visual Synapse HTTP Server Directory Directory Traversal Vulnerability_1 S

6 Evasions

Evasion HTML javascript escape (for CVE-2010-3189) S
Evasion HTML unicode (utf-16le) (for CVE-2010-3189) S
Evasion HTTP chunked (for CVE-2010-3189) S
Evasion HTTP gzip compression (for CVE-2010-3189) S
Evasion HTTP Header Folding (for CVE-2010-3189) S
Evasion HTTP junk headers (for CVE-2010-3189) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.