idappcom - News Update | Network Security Assessment | Vulnerability Assessment | Vulnerability Scanner | Network Security Scanner | Security Assessment

Home Products Downloads News About Us My Account

idappcom News Update
30th November 2009

Traffic File Update November 2009

Traffic IQ Pro is already the most comprehensive testing and validation solution available today for network and inline devices. With its ease of use and extensive library of normal and threat traffic files the product can be used to easily create and replay simple or complex stateful testing scenarios to allow the validation of the configuration of inline network devices such as firewalls, IPS, routers, switches and other critical network systems in a controlled, repeatable and safe way.

Note: Traffic file updates are available to licensed users only.

This update includes the following traffic files:

Application Exploits

Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vuln (gen_shell_bind_tcp)
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vuln (win_exec)
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vuln (win_shell_reverse_ord_tcp)
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vuln (win_shell_reverse_tcp)
Autodesk Softimage Scene TOC File Remote Code Execution Vulnerability
CA Anti-Spyware 'ppctl.dl' Remote Buffer Overflow Vulnerability (win_exec)
CA Anti-Spyware 'ppctl.dl' Remote Buffer Overflow Vulnerability (win_shell_bind_tcp)
CA Anti-Spyware 'ppctl.dl' Remote Buffer Overflow Vulnerability (win_shell_reverse_tcp)
FTP Home FTP Server 'MKD' Command Directory Traversal Vulnerability
FTP Home FTP Server 'SITE INDEX' Command Remote DoS Vulnerability
FTP TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote Denial of Service Vulnerability
FTP XM Easy Personal FTP Server 'APPE' and 'DELE' Commands Remote Denial of Service
Hewlett-Packard Power Manager Web Server Remote Code Execution Vulnerability
HP Openview Network Node Manager Invalid DB Error Code vulnerability
HTTP Apple Safari CSS Denial of Service Vulnerability
HTTP Cherokee Web Server Remote Directory Traversal Vulnerability
HTTP FireStats WordPress Plugin Authentication Bypass Vulnerability
HTTP FireStats WordPress Plugin Multiple Cross Site Scripting
HTTP Fuctweb CapCC Plugin for WordPress CAPTCHA Cross-Site Request Forgery
HTTP Fuctweb CapCC Plugin for WordPress CAPTCHA Security Bypass Vulnerability
HTTP Fuctweb CapCC Plugin for WordPress CAPTCHA SQL Injection Vulnerability
HTTP Fuctweb CapCC Plugin for WordPress CAPTCHA SQL Injection Vulnerability_1
HTTP Joomla Google Calendar Component 'gcid' Parameter SQL Injection Vulnerability
HTTP Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
HTTP RhinoSoft Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
HTTP Subscribe to Comments WordPress Plugin Cross Site Scripting Vulnerability
HTTP WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability
IBM Installation Manager 'iim' URI Remote Library Injection Vulnerability
IBM SolidDB 'solid.exe' Denial of Service Vulnerability
McAfee Network Security Manager Information Disclosure Vulnerability
McAfee Network Security Manager Multiple Cross Site Scripting Vulnerabilities
McAfee Network Security Manager Multiple Cross Site Scripting Vulnerabilities_1
Microsoft IE 'Style' Object Remote Code Execution (generic_shell_bind_tcp)
Microsoft Internet Explorer 'Style' Object Remote Code Execution (win_exec)
Microsoft Internet Explorer 'Style' Object Remote Code Execution (win_shell_bind_tcp)
Microsoft Internet Explorer 'Style' Object Remote Code Execution
Microsoft Internet Explorer 'Style' Object Remote Code Execution_1
Mozilla Firefox 'libpr0n' GIF File Handling Denial of Service Vulnerability
Mozilla Firefox 'libpr0n' GIF File Handling Denial of Service Vulnerability_1
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities_1
Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability (win2k)
Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability (winNT)
Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability (winXP)
Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability_1
Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability_1
Winamp Ultravox Streaming Metadata Buffer Overflow Vulnerability (win_exec)
Winamp Ultravox Streaming Metadata Buffer Overflow Vulnerability (win_shell_bind_tcp)
Yahoo Messenger 'YahooBridgeLib.dll' Control Remote Denial of Service Vulnerability

Security Evasion Techniques

Evasion HTML base64 (random_space_injection) (for CVE-2009-4054)
Evasion HTML javascript escape (for CVE-2009-4054)
Evasion HTML unicode (utf-16be) (for CVE-2009-4054)
Evasion HTTP Header Folding (for CVE-2009-4054)
Evasion HTTP junk headers (for CVE-2009-4054)