Traffic File Update - November 2017

This Traffic IQ Professional update for November 2017 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for November 2017

142 Application Exploits

Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit) S
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit) S
Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit) S
DNS Dnsmasq 2.78 - Integer Underflow S
DNS Dnsmasq 2.78 - Lack of free() Denial of Service S
Easy Internet Sharing Proxy Server 2.2 - SEH Overflow Vulnerability (Metasploit)_1 S
Easy Internet Sharing Proxy Server 2.2 - SEH Overflow Vulnerability (Metasploit)_2 S
Easy Internet Sharing Proxy Server 2.2 - SEH Overflow Vulnerability (Metasploit)_3 S
Easy Internet Sharing Proxy Server 2.2 - SEH Overflow Vulnerability (Metasploit)_4 S
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit) S
EMC AlphaStor Library Manager 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit) S
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit) S
haneWIN DNS Server 1.5.3 - Buffer Overflow (Metasploit) S
HTTP Abservetech JobStar Monster Clone Script SQL Injection Vuln S
HTTP Apache Solr 7.0.1 - 'newcollection' Trigger RCE S
HTTP Apache Solr 7.0.1 - RunExecutableListener RCE S
HTTP Apache Solr 7.0.1 - XML External Entity Expansion S
HTTP Apache Tomcat 9.0.1 (Beta) 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass RCE S
HTTP Avaya OfficeScan (IPO) 10.1 - 'SoftConsole' Buffer Overflow (SEH) S
HTTP Avaya OfficeScan (IPO) 10.1 - ActiveX Buffer Overflow S
HTTP Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit) S
HTTP Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure (Metasploit) S
HTTP ClipBucket 2.8.3 - Remote Code Execution S
HTTP Cloudview NMS 2.00b - Arbitrary File Upload - Get Session (Metasploit) S
HTTP Cloudview NMS 2.00b - Arbitrary File Upload - Setup Directory (Metasploit) S
HTTP Cloudview NMS 2.00b - Arbitrary File Upload - Upload File (Metasploit) S
HTTP D-Link DIR-605L 2.08 - Denial of Service S
HTTP Debut Embedded httpd 1.20 - Denial of Service S
HTTP DenyAll WAF 6.3.0 - Remote Code Execution (Metasploit) S
HTTP DeWorkshop 1.0 - 'customerupdate.php' Arbitrary File Upload S
HTTP DeWorkshop 1.0 - PHP Arbitrary File Upload S
HTTP Dup Scout Enterprise 10.0.18 - 'Login' Remote Buffer Overflow S
HTTP Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution S
HTTP IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) S
HTTP Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit) S
HTTP Invoice Manager 'Add Admin' CSRF Vuln (From Server) S
HTTP Invoice Manager 'Add Admin' CSRF Vuln (To Server) S
HTTP iTechScripts Classifieds Script 'show_like.php' SQL Injection Vuln S
HTTP iTechScripts Classifieds Script 'userlistings.php' SQL Injection Vuln S
HTTP iTechScripts Freelancer Script 'profile.php' SQL Injection Vuln S
HTTP iTechScripts Freelancer Script 'showSkill.php' SQL Injection Vuln S
HTTP iTechScripts Image Sharing Script 'boardpage.php' SQL Injection Vuln S
HTTP iTechScripts Image Sharing Script 'pinDetails.php' SQL Injection Vuln S
HTTP iTechScripts Image Sharing Script 'profilepage.php' SQL Injection Vuln S
HTTP iTechScripts Image Sharing Script 'searchpin.php' SQL Injection Vuln S
HTTP iTechScripts Job Portal Script 'Employer_Details.php' SQL Injection Vuln S
HTTP iTechScripts Job Portal Script 'Job_Details.php' SQL Injection Vuln S
HTTP iTechScripts Multi Vendor Script 'product.php' SQL Injection Vuln S
HTTP iTechScripts Multi Vendor Script 'search.php' SQL Injection Vuln S
HTTP iTechScripts Social Networking Script 'photos_of_you.php' SQL Injection Vuln S
HTTP iTechScripts Social Networking Script 'timeline.php' SQL Injection Vuln S
HTTP iTechScripts Travel Portal Script 'bus_details.php' SQL Injection Vuln S
HTTP iTechScripts Travel Portal Script 'hotel_view.php' SQL Injection Vuln S
HTTP Joomla! Component Ajax Quiz 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Appointment 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Appointment 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Bargain Product 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Bargain Product 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Calendar Planner 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Flip Wall 'index.php' SQL Injection Vuln S
HTTP Joomla! Component FocalPoint 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Huge-IT Portfolio Gallery Plugin 'ajax_url.php' SQL Injection Vuln S
HTTP Joomla! Component Huge-IT Portfolio Gallery Plugin 'ajax_url.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Huge-IT Video Gallery 'ajax_url.php' SQL Injection Vuln S
HTTP Joomla! Component OSDownloads 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Photo Contest SQL Injection Vuln S
HTTP Joomla! Component Price Alert 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Quiz Deluxe 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Quiz Deluxe 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Responsive Portfolio 'index.php' SQL Injection Vuln S
HTTP Ladon Framework for Python 0.9.40 - XML External Entity Expansion S
HTTP LanSweeper 6.0.100.75 - 'description' Cross-Site Scripting S
HTTP LanSweeper 6.0.100.75 - 'det' Cross-Site Scripting S
HTTP LanSweeper 6.0.100.75 - 'title' Cross-Site Scripting S
HTTP Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free S
HTTP MyBB 1.8.13 - Remote Code Execution (From Server) S
HTTP MyBB 1.8.13 - Remote Code Execution (To Server) S
HTTP NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit) S
HTTP Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit) S
HTTP Nice PHP FAQ Script - 'nice_theme' SQL Injection S
HTTP Online Exam Test Application - 'sort' SQL Injection S
HTTP PHP Dashboards 'db.php' SQL Injection Vuln S
HTTP PHP Dashboards 'save.php' SQL Injection Vuln S
HTTP PHP Melody 2.6.1 - SQL Injection S
HTTP phpMyFAQ 2.9.8 - Cross-Site Request Forgery (From Server) S
HTTP phpMyFAQ 2.9.8 - Cross-Site Request Forgery (To Server) S
HTTP Progress Sitefinity CMS Cross Site Scripting Vuln S
HTTP Progress Sitefinity CMS Cross Site Scripting Vuln_1 S
HTTP Progress Sitefinity CMS Cross Site Scripting Vuln_2 S
HTTP Progress Sitefinity CMS Cross Site Scripting Vuln_3 S
HTTP Progress Sitefinity CMS Cross Site Scripting Vuln_4 S
HTTP Progress Sitefinity CMS Cross Site Scripting Vuln_5 S
HTTP Progress Sitefinity CMS Cross Site Scripting Vuln_6 S
HTTP Quali CloudShell 'Environment Funtion' Cross Site Scripting Vuln S
HTTP Quali CloudShell 'Job Scheduling Funtion' Cross Site Scripting Vuln S
HTTP Quali CloudShell 'Job Scheduling Funtion' Cross Site Scripting Vuln_1 S
HTTP Quali CloudShell 'Job Scheduling Funtion' Cross Site Scripting Vuln_2 S
HTTP Quali CloudShell 'Job Scheduling Funtion' Cross Site Scripting Vuln_3 S
HTTP Quali CloudShell 'Job Scheduling Funtion' Cross Site Scripting Vuln_4 S
HTTP Quali CloudShell 'Reservation Funtion' Cross Site Scripting Vuln S
HTTP Quali CloudShell 'Reservation Funtion' Cross Site Scripting Vuln_1 S
HTTP Quali CloudShell 'Resource Template Funtion' Cross Site Scripting Vuln S
HTTP Quali CloudShell 'Resource Template Funtion' Cross Site Scripting Vuln_1 S
HTTP QuantaStor Software Defined Storage 4.3.1 - Cross Site Scripting S
HTTP QuantaStor Software Defined Storage 4.3.1 - Enumeration Vulnerability S
HTTP RealTime RWR-3G-100 Router 'Change Admin Password' CSRF Vuln (From Server) S
HTTP RealTime RWR-3G-100 Router 'Change Admin Password' CSRF Vuln (To Server) S
HTTP Roteador Wireless Intelbras WRN150 - Authentication Bypass S
HTTP Squid Analysis Report Generator 2.3.10 - Remote Code Execution S
HTTP Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow S
HTTP Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal S
HTTP Trend Micro InterScan Messaging Security (Virtual Appliance) - RCE (Metasploit) S
HTTP Trend Micro OfficeScan 11.0XG (12.0) - Denial Of Service INI Corruption S
HTTP Trend Micro OfficeScan 11.0XG (12.0) - NT Domain Disclosure S
HTTP Trend Micro OfficeScan 11.0XG (12.0) - PHP Information Disclosure S
HTTP Trend Micro OfficeScan 11.0XG (12.0) - Private Key Disclosure S
HTTP Trend Micro OfficeScan 11.0XG (12.0) - Server Side Request Forgery S
HTTP Trend Micro OfficeScan 11.0XG (12.0) - Start Remote Process Code Execution S
HTTP Vonage VDV23 - 'newdomain' Cross-Site Scripting (From Server) S
HTTP Vonage VDV23 - 'newdomain' Cross-Site Scripting (To Server) S
HTTP Vonage VDV23 - 'newkeyword' Cross-Site Scripting (From Server) S
HTTP Vonage VDV23 - 'newkeyword' Cross-Site Scripting (To Server) S
HTTP WhatsApp 2.17.52 - Memory Corruption S
HTTP WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting S
HTTP WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection S
HTTP ZKTime Web Software 2.0 - Cross-Site Request Forgery (From Server) S
HTTP ZKTime Web Software 2.0 - Cross-Site Request Forgery (To Server) S
HTTP ZKTime Web Software 2.0 - Improper Access Restrictions S
HTTP Zomato Clone Script - 'resid' SQL Injection S
KingScada AlarmServer 3.1.2.13 - Stack Buffer Overflow (Metasploit) S
Lockstep Backup for Workgroups 4.0.3 - Buffer Overflow (Metasploit) S
Malware HTTP GET Request Associated with Dragonfly 2.0 APT (bit.ly) S
Malware HTTP GET Request Associated with Dragonfly 2.0 APT (tinyurl.com) S
Motorola Netopia Netoctopus SDCS - Stack Buffer Overflow (Metasploit) S
Oracle WebLogic Server 10.3.6.0 - Java Deserialization S
QNAP Transcode Server - Command Execution (Metasploit) S
Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)_1 S
Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)_2 S
Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)_3 S
SMTP ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service S
SMTP Qmail SMTP - Bash Environment Variable Injection (Metasploit) S
Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
