Traffic File Update - July 2009

This Traffic IQ Professional update for July 2009 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for July 2009

45 Application Exploits

eEye Retina WiFi Scanner '.rws' File Buffer Overflow Vulnerability S
Ekiga GetHostAddress Remote Denial of Service Vulnerability S
HTTP Apple Safari servePendingRequests() Denial of Service S
HTTP Avax Vector 'avPreview.ocx' Remote Buffer Overflow Vulnerability S
HTTP Citrix XenCenterWeb Cross-Site Request Forgery Vulnerability S
HTTP Citrix XenCenterWeb Cross-Site Scripting Vulnerability S
HTTP Citrix XenCenterWeb Input Validation Vulnerability S
HTTP Citrix XenCenterWeb Remote Command Execution Vulnerability S
HTTP CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability S
HTTP Firefox 3.5 escape() Return Value Memory Corruption (win_exec) S
HTTP Firefox 3.5 escape() Return Value Memory Corruption (win_shell_bind_tcp) S
HTTP Horde 'Passwd' Module Cross Site Scripting Vulnerability S
HTTP iDefense COMRaider Multiple Insecure Method Vulnerabilities S
HTTP Microsoft Internet Explorer 'AddFavorite' Method Buffer Overflow Vulnerability S
HTTP Microsoft Internet Explorer 'findText()' Unicode Parsing DoS S
HTTP Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution S
HTTP Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution_1 S
HTTP Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption S
HTTP Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption_1 S
HTTP Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption_2 S
HTTP Mozilla Firefox Unicode Data Remote Denial of Service Vulnerability S
HTTP Mozilla Firefox URL Processing Address Bar Spoofing Vulnerability S
HTTP Multiple Vendor Browser 'HTMLSelectElement' Denial of Service Vulnerability S
HTTP Sun Java System Web Server JSP Source Code Disclosure Vulnerability S
Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability S
Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability S
Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability_1 S
KMPlayer '.srt' File Remote Buffer Overflow Vulnerability S
Live for Speed '.mpr' File Processing Buffer Overflow (win_add_user) S
Live for Speed '.mpr' File Processing Buffer Overflow (win_exec) S
Live for Speed '.mpr' File Processing Buffer Overflow (win_shell_bind) S
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (win_exec) S
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (win_shell_bind_tcp) S
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (win_shell_reverse_tcp) S
Microsoft Office Web Components 'msDataSourceObject' Code Execution Vulnerability S
Microsoft Office Web Components 'msDataSourceObject' Code Execution Vulnerability_1 S
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption (win_exec) S
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption (win_shell_bind_tcp) S
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption (win_shell_reverse_http) S
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption (win_shell_reverse_ord_tcp) S
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption (win_shell_reverse_tcp) S
Oracle Secure Enterprise Search 'search_p_groups' Parameter Cross Site Scripting S
Oracle Weblogic Server 'console-help.portal' Cross Site Scripting Vulnerability S
RealNetworks Helix Server 'RTSP' Remote Denial of Service Vulnerability S
RealNetworks Helix Server 'SETUP' Remote Denial of Service Vulnerability S

10 Evasions

Evasion HTML base64 (for CVE-2008-0015) S
Evasion HTML base64 double_pad (for CVE-2009-1136) S
Evasion HTML javascript escape (for CVE-2008-0015) S
Evasion HTML javascript escape (for CVE-2009-1136) S
Evasion HTML unicode utf-16le (for CVE-2008-0015) S
Evasion HTTP chunked (for CVE-2009-1136) S
Evasion HTTP Header Folding (for CVE-2008-0015) S
Evasion HTTP Header Folding (for CVE-2009-1136) S
Evasion HTTP junk headers (for CVE-2008-0015) S
Evasion HTTP junk headers (for CVE-2009-1136) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.