
Traffic File Update - December 2010

This Traffic IQ Professional update for December 2010 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

46 Application Exploits

Aesop GIF Creator Project File Handling Buffer Overflow Vulnerability S
Apple QuickTime Pictureviewer '.jp2' File Denial of Service Vulnerability S
FTP SolarFTP 'APPE' Command Remote Denial of Service Vulnerability S
FTP SolarFTP 'GET' Command Remote Denial of Service Vulnerability S
FTP SolarFTP 'MDTM' Command Remote Denial of Service Vulnerability S
FTP SolarFTP 'NLST' Command Remote Denial of Service Vulnerability S
FTP SolarFTP 'PUT' Command Remote Denial of Service Vulnerability S
HP Data Protector Manager Remote Denial of Service Vulnerability S
HTTP Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability S
HTTP Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability_1 S
HTTP Appweb Web Server Cross Site Scripting Vulnerability S
HTTP Awstats Apache Tomcat Configuration File Command Execution S
HTTP Awstats Apache Tomcat Configuration File Command Execution_1 S
HTTP Chilkat FTP2 Multiple Insecure Method Vulnerability S
HTTP D-Link DIR-300 'tools_admin.php' Cross-Site Request Forgery Vulnerability S
HTTP HP Insight Diagnostics Online Edition Multiple XSS Vulnerabilities S
HTTP HP Insight Diagnostics Online Edition Multiple XSS Vulnerabilities_1 S
HTTP J-Integra 'SetIdentity()' Buffer Overflow Vulnerability S
HTTP ManageEngine EventLog Analyzer 6.1 Multiple XSS Vulnerabilities S
HTTP ManageEngine EventLog Analyzer 6.1 Multiple XSS Vulnerabilities_1 S
HTTP ManageEngine EventLog Analyzer 6.1 Multiple XSS Vulnerabilities_2 S
HTTP Mitel Audio and Web Conferencing Shell Command Injection Vulnerability S
HTTP Mitel Audio and Web Conferencing Shell Command Injection Vulnerability_1 S
HTTP Openfiler 'device' Parameter Cross Site Scripting Vulnerability S
HTTP SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability S
HTTP WordPress Processing Embed Plugin 'pluginurl' XSS Vulnerability S
HTTP WordPress Safe Search Plugin 'v1' Parameter XSS Vulnerability S
IBM Tivoli Access Manager for e-business Directory Traversal Vulnerability S
Microsoft IE CSS Parsing Vulnerability (win_exec) S
Microsoft IE CSS Parsing Vulnerability (win_shell_bind_tcp) S
Microsoft IE CSS Parsing Vulnerability (win_shell_reverse_ord_tcp) S
Microsoft IE CSS Parsing Vulnerability (win_shell_reverse_tcp) S
Microsoft IIS FTP Service Remote Buffer Overflow Vulnerability S
Microsoft Office MS10-087 Buffer Overflow Vulnerability (debug_trap) S
Microsoft Office MS10-087 Buffer Overflow Vulnerability (win_exec) S
Microsoft Office MS10-087 Buffer Overflow Vulnerability (win_messagebox) S
Microsoft Office MS10-087 Buffer Overflow Vulnerability (win_shell_bind_tcp) S
Microsoft Office MS10-087 Buffer Overflow Vulnerability (win_shell_reverse_ord_tcp) S
Microsoft Office MS10-087 Buffer Overflow Vulnerability (win_shell_reverse_tcp) S
MP3 CD Converter Professional '.mp3' File Buffer Overflow Vulnerability S
SolarWinds Orion NPM 'InterfaceDetails.aspx' XSS Vulnerability S
SolarWinds Orion NPM 'MapView.aspx' XSS Vulnerability S
SolarWinds Orion NPM 'NodeDetails.aspx' XSS Vulnerability S
Stuxnet Privilege Elevation Vulnerability (CVE-2010-3888) S
Winamp 'in_midi' Component MIDI Timestamp Buffer Overflow Vulnerability S
Word Splash Pro Word List Processing Buffer Overflow Vulnerability S

7 Evasions

Evasion HTML base64 double_pad (for CVE-2010-3971) S
Evasion HTML javascript escape (for CVE-2010-3971) S
Evasion HTML unicode (utf-16le) (for CVE-2010-3971) S
Evasion HTTP chunked (for CVE-2010-3971) S
Evasion HTTP gzip compression (for CVE-2010-3971) S
Evasion HTTP Header Folding (for CVE-2010-3971) S
Evasion HTTP junk headers (for CVE-2010-3971) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
