
Traffic File Update - April 2018

This Traffic IQ Professional update for April 2018 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for April 2018

171 Application Exploits

Advantech WebAccess 8.3 - Directory Traversal Remote Code Execution S
AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit) S
Barco ClickShare CSE-200 - Remote Denial of Service S
Cisco Smart Install Remote Code Execution S
CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit) S
Dell EMC NetWorker - Denial of Service S
Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit) S
Eclipse Equinoxe OSGi Console - Command Execution (Metasploit) S
Herospeed - 'TelnetSwitch' Remote Stack Overflow Overwrite Password Enable TelnetD S
HTTP ActivePDF Toolkit 8.1.0.19023 - '.bpx' Memory Corruption S
HTTP ActivePDF Toolkit 8.1.0.19023 - '.iff' Memory Corruption S
HTTP ActivePDF Toolkit 8.1.0.19023 - '.ras' Memory Corruption S
HTTP ActivePDF Toolkit 8.1.0.19023 - '.zbr' Memory Corruption S
HTTP ActivePDF Toolkit 8.1.0.19023 - '.zmf' Memory Corruption S
HTTP Advance Loan Management System 'view_pmt.php' SQL Injection Vuln S
HTTP Affiligator Affiliate Webshop Management System SQL Injection Vuln S
HTTP antMan 0.9.1a - Authentication Bypass S
HTTP AsusWRT LAN - Security Bypass (Metasploit) S
HTTP BravoSolution Tejari Procurement Portal 'regData.do' CSRF Vuln (From Server) S
HTTP BravoSolution Tejari Procurement Portal 'regData.do' CSRF Vuln (To Server) S
HTTP Bylancer Quickad 'listing' SQL Injection Vuln S
HTTP Bylancer Quickad 'listing' SQL Injection Vuln_1 S
HTTP Bylancer Quickad 'listing' SQL Injection Vuln_2 S
HTTP Bylancer Quickad 'listing' SQL Injection Vuln_3 S
HTTP Chrome V8 JIT - Simplified-lowererer IrOpcodekStoreElement Optimization Bug S
HTTP Chrome V8 JIT - Simplified-lowererer IrOpcodekStoreField Optimization Bug S
HTTP ClipBucket 4.0.0 - Release 4902 - 'beats_uploader' Unauthenticated Arbitrary File Upload S
HTTP ClipBucket 4.0.0 - Release 4902 - 'channelId' Unauthenticated Blind SQL Injection S
HTTP ClipBucket 4.0.0 - Release 4902 - 'downloader' Unauthenticated OS Command Injection S
HTTP ClipBucket 4.0.0 - Release 4902 - 'email' Unauthenticated Blind SQL Injection S
HTTP ClipBucket 4.0.0 - Release 4902 - 'photo_uploader' Unauthenticated Arbitrary File Upload S
HTTP ClipBucket 4.0.0 - Release 4902 - 'uploader' Unauthenticated OS Command Injection S
HTTP ClipBucket 4.0.0 - Release 4902 - 'username' Unauthenticated Blind SQL Injection S
HTTP CMS Made Simple 2.1.6 - Remote Code Execution S
HTTP CyberArk Password Vault Web Access 9.9.5 9.10 10.1 - Remote Code Execution S
HTTP D-Link DNS-325 ShareCenter 1.05B03 - Remote Command Injection S
HTTP Drupal Remote Code Execution (CVE-2018-7600) S
HTTP EasyPhotoStore Easy Car Script 'site_search.php' SQL Injection Vuln S
HTTP EasyPhotoStore Easy Car Script 'site_search.php' SQL Injection Vuln_1 S
HTTP FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass S
HTTP Flexible Poll 'index.php' SQL Injection Vuln S
HTTP Flexible Poll 'mobile_preview.php' SQL Injection Vuln S
HTTP FrontAccounting ERP 'users.php' CSRF Vuln (From Server) S
HTTP FrontAccounting ERP 'users.php' CSRF Vuln (To Server) S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'configurationData' Information Disclosure S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'htpasswd' Stack Overflow S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'JpegStream.cgi' RCE S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'Login.cgi' Stack Overflow S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'Login3gpp.cgi' Stack Overflow S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'param.cgi' Stack Overflow S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'PictureCatch.cgi' RCE S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'PictureCatch.cgi' Stack Overflow S
HTTP Geovision Inc. IP CameraVideoAccess Control - 'sdk_config_set.cgi' Disclosure S
HTTP Geovision Inc. IP CameraVideoAccess Control - Factory Reset RCE S
HTTP Geovision Inc. IP CameraVideoAccess Control - Reboot RCE S
HTTP Geovision Inc. IP CameraVideoAccess Control - Unauthorized Access S
HTTP Geovision Inc. IP CameraVideoAccess Control - Unauthorized Upgrade S
HTTP Geovision Inc. IP CameraVideoAccess Control - Update Firmware RCE S
HTTP Geovision Inc. IP CameraVideoAccess Control - Upload Firmware Header Check S
HTTP GitStack - Unauthenticated Remote Code Execution S
HTTP HPE iLO 4 2.53 - Add New Administrator User CSRF S
HTTP HPE iLO 4 2.53 - List All Users Information Disclosure S
HTTP Internet Explorer - 'RegExp.lastMatch' Memory Disclosure S
HTTP iScripts SonicBB 'search.php' Cross Site Scripting Vuln S
HTTP JBoss 4.2.x4.3.x - Information Disclosure S
HTTP Joomla Component ccNewsletter 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Advertisement Board 'catname' SQL Injection Vuln S
HTTP Joomla! Component Aist 'index.php' SQL Injection Vuln S
HTTP Joomla! Component AllVideos Reloaded 'index.php' SQL Injection Vuln S
HTTP Joomla! Component DT Register 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Fastball 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Form Maker 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Form Maker 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Form Maker 'index.php' SQL Injection Vuln_2 S
HTTP Joomla! Component Gallery WD 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Gallery WD 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Google Map Landkarten 'index.php' SQL Injection Vun S
HTTP Joomla! Component Google Map Landkarten 'index.php' SQL Injection Vun_1 S
HTTP Joomla! Component Google Map Landkarten 'index.php' SQL Injection Vun_2 S
HTTP Joomla! Component InviteX 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JB Bus 'index.php' SQL Injection Vuln S
HTTP Joomla! Component jGive 'index.php SQL Injection Vuln S
HTTP Joomla! Component jGive 'index.php SQL Injection Vuln_1 S
HTTP Joomla! Component JomEstate PRO 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JquickContact 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JS Autoz 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JS Autoz 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component JS Autoz 'index.php' SQL Injection Vuln_2 S
HTTP Joomla! Component JS Jobs 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JS Jobs 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component JS Support Ticket 'index.php' CSRF Vuln (From Server) S
HTTP Joomla! Component JS Support Ticket 'index.php' CSRF Vuln (To Server) S
HTTP Joomla! Component JS Support Ticket 'index.php' XSS Vuln (From Server) S
HTTP Joomla! Component JS Support Ticket 'index.php' XSS Vuln (To Server) S
HTTP Joomla! Component JTicketing 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JTicketing 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component MediaLibrary Free 'index.php' SQL Injection Vuln S
HTTP Joomla! Component MediaLibrary Free 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Project Log 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Realpin 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Saxum Astro 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Saxum Astro 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Saxum Numerology 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Saxum Picker 'index.php' SQL Injection Vuln S
HTTP Joomla! Component SimpleCalendar 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Smart Shoutbox 'shoutauthor' SQL Injection Vuln S
HTTP Joomla! Component Solidres 'index.php' SQL Injection Vuln S
HTTP Joomla! Component SquadManagement 'index.php' SQL Injection Vuln S
HTTP Joomla! Component SquadManagement 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component SquadManagement 'index.php' SQL Injection Vuln_2 S
HTTP Joomla! Component SquadManagement 'index.php' SQL Injection Vuln_3 S
HTTP Joomla! Component SquadManagement 'index.php' SQL Injection Vuln_4 S
HTTP Joomla! Component Staff Master 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Timetable Responsive Schedule 'index.php' SQL Injection Vuln S
HTTP Joomla! Pinterest Clone Social Pinboard 'index.php' SQL Injection Vuln S
HTTP Joomla! Pinterest Clone Social Pinboard 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Pinterest Clone Social Pinboard 'index.php' SQL Injection Vuln_2 S
HTTP Joomla! Pinterest Clone Social Pinboard 'index.php' SQL Injection Vuln_3 S
HTTP Joomla! Pinterest Clone Social Pinboard 'index.php' SQL Injection Vuln_4 S
HTTP Joomla! Pinterest Clone Social Pinboard 'index.php' SQL Injection Vuln_5 S
HTTP Joomla! Pinterest Clone Social Pinboard 'index.php' SQL Injection Vuln_6 S
HTTP Kaltura - Remote PHP Code Execution over Cookie (Metasploit) S
HTTP KeystoneJS CSRF Vuln (From Server) S
HTTP KeystoneJS CSRF Vuln (To Server) S
HTTP KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection S
HTTP Laravel Log Viewer 0.13.0 - Local File Download S
HTTP LiveCRM SaaS Cloud 'index.php' SQL Injection Vuln S
HTTP ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit) S
HTTP Microsoft Edge Chakra - 'JavascriptGeneratorFunctionGetPropertyBuiltIns' Type Confusion S
HTTP Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes S
HTTP Microsoft Edge Chakra JIT - Incorrect Bounds Calculation S
HTTP Microsoft Edge Chakra JIT - Out-of-Bounds Write S
HTTP Microsoft Edge Chakra JIT - Stack-to-Heap Copy S
HTTP Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods S
HTTP MiniCMS 'conf.php' CSRF Vuln (From Server) S
HTTP MiniCMS 'conf.php' CSRF Vuln (To Server) S
HTTP Parallels Remote Application Server 15.5 - Path Traversal S
HTTP Photography CMS (Add Admin) CSRF Vuln (From Server) S
HTTP Photography CMS (Add Admin) CSRF Vuln (To Server) S
HTTP Professional Local Directory Script 'sellers_subcategories.php' SQL Injection Vuln S
HTTP Professional Local Directory Script 'suppliers.php' SQL Injection Vuln S
HTTP Professional Local Directory Script 'suppliers.php' SQL Injection Vuln_1 S
HTTP PSNews Website 'index.php' SQL Injection Vuln S
HTTP Routers2 'routers2.pl' Cross Site Scripting Vuln S
HTTP Seagate Personal Cloud - 'getLogs.psp' Remote Command Execution S
HTTP Seagate Personal Cloud - 'uploadTelemetry.psp' Remote Command Execution S
HTTP SecurEnvoy SecurMail 'getmessage.exe' Cross Site Scripting Vuln (From Server) S
HTTP SecurEnvoy SecurMail 'getmessage.exe' Cross Site Scripting Vuln (To Server) S
HTTP SecurEnvoy SecurMail 'getmessage.exe' Directory Traversal Vuln S
HTTP SugarCRM 'index.php' Cross Site Scripting Vuln S
HTTP TechsolSystem Joomla! Component File Download Tracker 'index.php' SQL Injection Vuln S
HTTP TechsolSystem Joomla! Component File Download Tracker 'index.php' SQL Injection Vuln_1 S
HTTP Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change S
HTTP Transmission - RPC DNS Rebinding S
HTTP TwonkyMedia Server 'Servername' Cross Site Scripting Vuln S
HTTP TwonkyMedia Server 7.0.11-8.5 - Directory Traversal S
HTTP UserSpice 'bio' Cross Site Scripting Vuln S
HTTP WampServer 'virtual_del' CSRF Vuln (From Server) S
HTTP WampServer 'virtual_del' CSRF Vuln (To Server) S
HTTP WebKit - 'detachWrapper' Use-After-Free S
HTTP WordPress Plugin Relevanssi 'options-general.php' Cross Site Scripting Vuln S
HTTP Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion S
HTTP Yahei PHP Prober 'proberv.php' Cross Site Scripting Vuln S
HTTP YzmCMS 'index.php' Cross Site Scripting Vuln S
HTTP YzmCMS 'index.php' Cross Site Scripting Vuln_1 S
HTTP YzmCMS 'index.php' Cross Site Scripting Vuln_2 S
HTTP Z-BlogPHP 'cmd.php' Cross Site Scripting Vuln S
HTTP Z-BlogPHP 'cmd.php' Cross Site Scripting Vuln_1 S
TCP Softros Network Time System Server 2.3.4 - Denial of Service S
UDP Kamailio 5.1.1 5.1.0 5.0.0 - Off-by-One Heap Overflow S
WebLog Expert Enterprise 9.4 - Denial of Service S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
