Traffic File Update - July 2015

This Traffic IQ Professional update for July 2015 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

219 Application Exploits

Adobe Flash (CVE-2015-0336) NetConnection Type Confusion Memory Corruption Vulnerability S
Adobe Flash (CVE-2015-0359) domainMemory ByteArray Use After Free Vulnerability S
Adobe Flash (CVE-2015-3043) Nellymoser Audio Decoding Buffer Overflow Vulnerability S
Adobe Flash (CVE-2015-3090) ShaderJob Buffer Overflow Vulnerability S
Adobe Flash (CVE-2015-3105) Drawing Fill Shader Memory Corruption Vulnerability S
Adobe Flash (CVE-2015-5119) ByteArray Use After Free Vulnerability S
Adobe Flash (CVE-2015-5122) opaqueBackground Use After Free Vulnerability S
Advantech AdamView .gni File SEH Buffer Overflow Vulnerability S
HTTP 2daybiz Video Community Portal XSS Vulnerability S
HTTP Ad Inserter Plugin for WordPress ad-inserter.php CSRF Vulnerability S
HTTP Airties login-cgi Buffer Overflow (Mixed Case) S
HTTP Airties login-cgi Buffer Overflow S
HTTP Album Streamer for iOS photoDownload id Parameter File Access Vulnerability S
HTTP Alcatel-Lucent OmniSwitch Multiple Products CVE-2015-2805 CSRF Vulnerability S
HTTP Apache Batik Library XML External Entity (XXE) Injection Vulnerability S
HTTP ApPHP Hotel Site SQL Injection Vulnerability S
HTTP Asus RT-G32 Cross Site Request Forgery Vulnerability (From Server) S
HTTP Asus RT-G32 Cross Site Request Forgery Vulnerability (To Server) S
HTTP Asus RT-G32 Cross Site Scripting Vulnerability S
HTTP Asus RT-G32 Cross Site Scripting Vulnerability_1 S
HTTP Asus RT-G32 Cross Site Scripting Vulnerability_2 S
HTTP Asus RT-G32 Cross Site Scripting Vulnerability_3 S
HTTP Asus RT-G32 Cross Site Scripting Vulnerability_4 (From Server) S
HTTP Asus RT-G32 Cross Site Scripting Vulnerability_4 (To Server) S
HTTP Atmailopen 'func' Parameter XSS Vulnerability S
HTTP Atmailopen 'func' Parameter XSS Vulnerability_1 S
HTTP Audio Share Cross Site Scripting Vulnerability S
HTTP Barracuda SSL VPN XSS Vulnerability S
HTTP Barracuda SSL VPN XSS Vulnerability_1 S
HTTP Barracuda SSL VPN XSS Vulnerability_2 S
HTTP Broadlight Residential Gateway DI3124 - DNS Change (Percent Encoded) S
HTTP Broadlight Residential Gateway DI3124 - DNS Change S
HTTP Broadlight Residential Gateway DI3124 - DNS Change_1 (Percent Encoded) S
HTTP Broadlight Residential Gateway DI3124 - DNS Change_1 S
HTTP Broadlight Residential Gateway DI3124 - DNS Change_2 (Percent Encoded) S
HTTP Broadlight Residential Gateway DI3124 - DNS Change_2 S
HTTP Broadlight Residential Gateway DI3124 - DNS Change_3 (Percent Encoded) S
HTTP Broadlight Residential Gateway DI3124 - DNS Change_3 S
HTTP Broadlight Residential Gateway Unauthenticated Remote Access (deldns) Vulnerability S
HTTP Broadlight Residential Gateway Unauthenticated Remote Access (getconf) Vulnerability S
HTTP Broadlight Residential Gateway Unauthenticated Remote Access (getdns) Vulnerability S
HTTP Broadlight Residential Gateway Unauthenticated Remote Access (savedns) Vulnerability S
HTTP C2Box Cross Site Request Forgery Vulnerability (From Server) S
HTTP C2Box Cross Site Request Forgery Vulnerability (To Server) S
HTTP CellPipe Cross Site Request Forgery Vulnerability (From Server) S
HTTP CellPipe Cross Site Request Forgery Vulnerability (To Server) S
HTTP Citrix Command Center 'Advent JMX' Servlet Unauthorized Access Vulnerability S
HTTP Citrix NetScaler SOAP Handler - RCE (Mixed Case) S
HTTP Citrix NetScaler SOAP Handler - RCE S
HTTP ClickHeat 'index.php' CVE-2015-4659 CSRF Vulnerability S
HTTP Coppermine Photo Gallery XSS Vulnerability S
HTTP Cosmoshop 'index.cgi' XSS Vulnerability S
HTTP D-Link Devices HNAP SOAPAction-Header Command Execution (Mixed Case) S
HTTP D-Link Devices HNAP SOAPAction-Header Command Execution S
HTTP Dell SonicWALL Secure Remote Access Products CVE-2015-2248 CSRF Vulnerability S
HTTP DiamondList CSRF Vulnerability (From Server) S
HTTP DiamondList CSRF Vulnerability (To Server) S
HTTP DiamondList XSS Vulnerability (From Server) S
HTTP DiamondList XSS Vulnerability (To Server) S
HTTP DiamondList XSS Vulnerability_1 (From Server) S
HTTP DiamondList XSS Vulnerability_1 (To Server) S
HTTP DotNetNuke 'InstallWizard.aspx' XSS Vulnerability S
HTTP EdgePHP CBQuick 'search' Parameter XSS Vulnerability S
HTTP Ektron CVE-2015-3624 Cross Site Request Forgery Vulnerability S
HTTP ESC 8832 Data Controller Session Hijacking (Percent Encoded) S
HTTP ESC 8832 Data Controller Session Hijacking S
HTTP eXV2 CMS XSS Vulnerability S
HTTP eXV2 CMS XSS Vulnerability_1 S
HTTP eXV2 CMS XSS Vulnerability_2 S
HTTP eXV2 CMS XSS Vulnerability_3 S
HTTP F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability (Percent Encoded) S
HTTP F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability S
HTTP FiverrScript CSRF Add New Admin (From Server) (Mixed Case) S
HTTP FiverrScript CSRF Add New Admin (From Server) S
HTTP FiverrScript CSRF Add New Admin (To Server) (Mixed Case) S
HTTP FiverrScript CSRF Add New Admin (To Server) S
HTTP Fiyo CMS 2.0_1.9.1 - 'id' Parameter SQL Injection (Mixed Case) S
HTTP Fiyo CMS 2.0_1.9.1 - 'id' Parameter SQL Injection S
HTTP Fiyo CMS 2.0_1.9.1 - 'user' Parameter SQL Injection (Mixed Case) S
HTTP Fiyo CMS 2.0_1.9.1 - 'user' Parameter SQL Injection S
HTTP GeniXCMS 0.0.3 - register.php 'email' Parameter SQL Injection (Mixed Case) S
HTTP GeniXCMS 0.0.3 - register.php 'email' Parameter SQL Injection S
HTTP GeniXCMS 0.0.3 - register.php 'userid' Parameter SQL Injection (Mixed Case) S
HTTP GeniXCMS 0.0.3 - register.php 'userid' Parameter SQL Injection S
HTTP GoAhead WebServer Directory Traversal Vulnerability S
HTTP GoAhead WebServer Heap Overflow Vulnerability S
HTTP HP WebInspect CVE-2015-2125 Unauthorized Access (From Server) (Mixed Case) S
HTTP HP WebInspect CVE-2015-2125 Unauthorized Access (From Server) S
HTTP HP WebInspect CVE-2015-2125 Unauthorized Access (To Server) (Mixed Case) S
HTTP HP WebInspect CVE-2015-2125 Unauthorized Access (To Server) S
HTTP ISPConfig show_sys_state.php SQL Injection CVE-2015-4118 Vulnerability S
HTTP ISPConfig users_edit.php CSRF CVE-2015-4118 Vulnerability S
HTTP K-Search 'index.php' XSS Vulnerability S
HTTP Kodak InSite XSS Vulnerability S
HTTP Kodak InSite XSS Vulnerability_1 S
HTTP Koha 3.20.1 - 'members' Path Traversal (Mixed Case URL) S
HTTP Koha 3.20.1 - 'members' Path Traversal S
HTTP Koha 3.20.1 - 'virtualshelves' Path Traversal (Mixed Case URL) S
HTTP Koha 3.20.1 - 'virtualshelves' Path Traversal S
HTTP Koha 3.20.1 - authorities-home.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - authorities-home.pl XSS S
HTTP Koha 3.20.1 - auth_subfields_structure.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - auth_subfields_structure.pl XSS S
HTTP Koha 3.20.1 - Create New User CSRF (Percent Encoded) S
HTTP Koha 3.20.1 - Create New User CSRF S
HTTP Koha 3.20.1 - lateorders.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - lateorders.pl XSS S
HTTP Koha 3.20.1 - marc_subfields_structure.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - marc_subfields_structure.pl XSS S
HTTP Koha 3.20.1 - opac-search.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - opac-search.pl XSS S
HTTP Koha 3.20.1 - opac-shelves.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - opac-shelves.pl XSS S
HTTP Koha 3.20.1 - Permission Escalation (Percent Encoded) S
HTTP Koha 3.20.1 - Permission Escalation S
HTTP Koha 3.20.1 - search.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - search.pl XSS S
HTTP Koha 3.20.1 - serials-search.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - serials-search.pl XSS S
HTTP Koha 3.20.1 - suggestion.pl XSS (Percent Encoded) S
HTTP Koha 3.20.1 - suggestion.pl XSS S
HTTP Libmimedir 'dirlex.c' CVE-2015-3205 Memory Corruption Vulnerability S
HTTP Mollify 'index.php' XSS Vulnerability S
HTTP NewsOffice 'news_show.php' XSS Vulnerability S
HTTP Novius OS Directory Traversal Vulnerability (Percent Encoded) S
HTTP Novius OS Directory Traversal Vulnerability S
HTTP Novius OS Open Redirect Vulnerability (Percent Encoded) S
HTTP Novius OS Open Redirect Vulnerability S
HTTP osCSS 'page' Parameter XSS Vulnerability S
HTTP pfSense 'graph.php' XSS Vulnerability S
HTTP pfSense 'graph.php' XSS Vulnerability_1 S
HTTP PHP Bible Search 'bible.php' XSS Vulnerability S
HTTP PHP-Fusion 7.02.07 - 'status' Parameter SQL Injection (Percent Encoded) S
HTTP PHP-Fusion 7.02.07 - 'status' Parameter SQL Injection S
HTTP PHP-Fusion 7.02.07 - 'submit_id' Parameter SQL Injection (Percent Encoded) S
HTTP PHP-Fusion 7.02.07 - 'submit_id' Parameter SQL Injection S
HTTP PHPShop 'name_new' Parameter XSS Vulnerability S
HTTP PHPXref 'nav.html' XSS Vulnerability S
HTTP Polycom RealPresence RM 8.4 Password Disclosure (Mixed Case) S
HTTP Polycom RealPresence RM 8.4 Password Disclosure S
HTTP Polycom RealPresence RM 8.4 Path Traversal (Percent Encoded) S
HTTP Polycom RealPresence RM 8.4 Path Traversal S
HTTP Python CGIHTTPServer Encoded Path Traversal Vulnerability S
HTTP Realtek rtl81xx SDK CVE-2014-8361 RCE (Mixed Case) S
HTTP Realtek rtl81xx SDK CVE-2014-8361 RCE S
HTTP Redmine 'projects-hg-hellowword-news-' XSS Vulnerability S
HTTP RSS WordPress Plugin 'rss_url' Parameter XSS Vulnerability S
HTTP RunCms 'magpie_debug.php' XSS Vulnerability S
HTTP S-CMS XSS Vulnerability S
HTTP TickFa SQL Injection Vulnerability S
HTTP TWiki XSS Vulnerability S
HTTP TYPO3 Akronymmanager Extension 'index.php' SQL Injection Vulnerability S
HTTP Ultimate Product Catalogue Plugin for WordPress CSRF & File Upload Vulnerability S
HTTP Ultimate Product Catalogue Plugin for WordPress CSRF & XSS Vulnerability S
HTTP Ultimate Profile Builder Plugin for WordPress CSRF Vulnerability S
HTTP WebUI mainfile.php Multiple Parameter Remote Code Execution Vulnerability S
HTTP Whos Who Script - CSRF (From Server) (Mixed Case) S
HTTP Whos Who Script - CSRF (From Server) S
HTTP Whos Who Script - CSRF (To Server) (Mixed Case) S
HTTP Whos Who Script - CSRF (To Server) S
HTTP Wing FTP Server Admin 4.4.5 - 'domain' Parameter XSS (Percent Encoded) S
HTTP Wing FTP Server Admin 4.4.5 - 'domain' Parameter XSS S
HTTP Wing FTP Server Admin 4.4.5 - 'type' Parameter XSS (Percent Encoded) S
HTTP Wing FTP Server Admin 4.4.5 - 'type' Parameter XSS S
HTTP Wing FTP Server Admin 4.4.5 - CSRF Add Arbitrary User (Mixed Case URL) S
HTTP Wing FTP Server Admin 4.4.5 - CSRF Add Arbitrary User S
HTTP WordPress Booking Calendar Contact Form 1.0.2 SQL Injection (Percent Encoded) S
HTTP WordPress Booking Calendar Contact Form 1.0.2 SQL Injection S
HTTP WordPress Booking Calendar Contact Form 1.0.2 SQL Injection_1 (Percent Encoded) S
HTTP WordPress Booking Calendar Contact Form 1.0.2 SQL Injection_1 S
HTTP WordPress Booking Calendar Contact Form 1.0.2 SQL Injection_2 (Percent Encoded) S
HTTP WordPress Booking Calendar Contact Form 1.0.2 SQL Injection_2 S
HTTP WordPress Contact Form DB Plugin CSRF Vulnerability (From Server) S
HTTP WordPress Contact Form DB Plugin CSRF Vulnerability (To Server) S
HTTP WordPress Encrypted Contact Form Plugin CVE-2015-4010 CSRF Vulnerability S
HTTP WordPress flash-album 'facebook.php' XSS Vulnerability S
HTTP Wordpress Joomla! XCloner Plugin File Access Vulnerability S
HTTP Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload Vulnerability S
HTTP WordPress N-Media Website Contact Form with File Upload LFI Vulnerability S
HTTP WordPress Plugin Free Counter 1.1 Stored XSS (Mixed Case) S
HTTP WordPress Plugin Free Counter 1.1 Stored XSS S
HTTP Wordpress Simple Ads Manager - Information Disclosure (Mixed Case) S
HTTP Wordpress Simple Ads Manager - Information Disclosure S
HTTP WordPress Twitter 'url' Parameter XSS Vulnerability S
HTTP WordPress WP Membership Plugin 1.2.3 - Privilege Escalation (Mixed Case) S
HTTP WordPress WP Membership Plugin 1.2.3 - Privilege Escalation S
HTTP WordPress WP Symposium Plugin SQL Injection Vulnerability S
HTTP WordPress wp-smiley Plugin CVE-2015-4140 CSRF Vulnerability S
HTTP WordPress WPML Missing Authentication Vulnerability S
HTTP WordPress XCloner Plugin CVE-2015-4338 XSS Vulnerability S
HTTP WPML Plugin for WordPress feed action Parameter SQL Injection Vulnerability S
HTTP Xeams CVE-2015-3141 Multiple HTML Injection and CSRF Vulnerabilities S
HTTP Xeams CVE-2015-3141 Multiple HTML Injection and CSRF Vulnerabilities_1 S
HTTP Xeams CVE-2015-3141 Multiple HTML Injection and CSRF Vulnerabilities_2 S
HTTP Xeams CVE-2015-3141 Multiple HTML Injection and CSRF Vulnerabilities_3 S
HTTP YARPP options-general.php yarpp Page Option Manipulation CSRF Vulnerability S
HTTP Zimplit CMS XSS Vulnerability S
HTTP Zimplit CMS XSS Vulnerability_1 S
HTTP ZTE F660 Router Remote Config Download Vulnerability (From Server) S
HTTP ZTE F660 Router Remote Config Download Vulnerability (To Server) S
HTTP ZTE ZXHN H108L Authentication Bypass Vulnerability S
Joomla component EQ Event Calendar CVE-2015-4654 SQL Injection vulnerability S
Malware DNS Query for Malicious Domain Name (imaps.qki6.com) S
Malware DNS Query for Malicious Domain Name (menmin.strezf.com) S
Malware DNS Query for Malicious Domain Name (static.jg7.org) S
ManageEngine AssetExplorer AssetListView.do CSRF Vulnerability S
MemeCode i.Ftp Schedule.xml Handling Buffer Overflow Vulnerability S
ResourceSpace CVE-2015-3648 Local File Include Vulnerability S
SysAid ActiveRequests Report SQL Injection CVE-2015-2999 Vulnerability S
SysAid Admin account creation CVE-2015-2993 Vulnerability S
SysAid Arbitrary file download CVE-2015-2996 Vulnerability S
SysAid Denial of service CVE-2015-2996 Vulnerability S
SysAid groupFilter Parameter SQL Injection CVE-2015-2999 Vulnerability S
SysAid HelpDesk.jsp SQL Injection CVE-2015-2999 Vulnerability S
SysAid RFCGantt.jsp SQL Injection CVE-2015-2999 Vulnerability S
SysAid TopAdministratorsByAverageTimer Report SQL Injection CVE-2015-2999 Vulnerability S
SysAid Uncontrolled file overwrite CVE-2015-2993 Vulnerability S
UPC Plugin for WordPress Shortcodes.php SQL Injection Vulnerability S
Wing FTP Server Cross Site Request Forgery Vulnerability S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
