
Traffic File Update - January 2018

This Traffic IQ Professional update for January 2018 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for January 2018

195 Application Exploits

ALLMediaServer 0.95 - Buffer Overflow (Metasploit) S
ALLMediaServer 0.95 - Buffer Overflow S
Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit) S
AudioCoder 0.8.46 - Local Buffer Overflow (SEH) S
Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit) S
Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit) S
Commvault Communications Service (cvd) - Command Injection (Metasploit) S
D-Link DIR-850L - Unauthenticated OS Command Execution (Metasploit) S
Disk Sorter Enterprise 9.5.12 - 'GET' Buffer Overflow (SEH) S
DiskBoss Enterprise 8.8.16 - Buffer Overflow S
Endian Firewall 3.0.0 - OS Command Injection (Metasploit) S
FTP Cerberus FTP Server 8.0.10.3 - 'MLST' Buffer Overflow S
FTPShell Client 6.53 - Buffer Overflow S
Gemtek CPE7000 - WLTCS-106 Administrator SID Retriever (Metasploit) S
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit) S
Git 2.7.5 - Command Injection (Metasploit) S
HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit) S
HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit) S
HPE iMC - dbman RestoreDB Unauthenticated Remote Command Execution (Metasploit) S
HTTP Abservetech AirStar Airbnb Clone Script 'room_id' SQL Injection Vuln S
HTTP Abyss Web Server 2.11.6 - Heap Memory Corruption S
HTTP Adobe Flash - ATF Parser Heap Corruption S
HTTP Adobe Flash - AVC Edge Processing Out-of-Bounds Read S
HTTP Advance Online Learning Management Script 'courselist.php' SQL Injection Vuln S
HTTP Advance Online Learning Management Script 'courselist.php' SQL Injection Vuln_1 S
HTTP Advertiz PHP Script (Update Admin Password) CSRF Vuln (From Server) S
HTTP Advertiz PHP Script (Update Admin Password) CSRF Vuln (To Server) S
HTTP Advertiz PHP Script (Update Admin Username) CSRF Vuln (From Server) S
HTTP Advertiz PHP Script (Update Admin Username) CSRF Vuln (To Server) S
HTTP Affiliate MLM Script 'product-category.php' SQL Injection Vuln S
HTTP AROX School ERP PHP Script 'id' SQL Injection Vuln S
HTTP Article Directory Script 'author.php' SQL Injection Vuln S
HTTP Article Directory Script 'category.php' SQL Injection Vuln S
HTTP BarcodeWiz ActiveX Control 6.7 - 'BottomText' Buffer Overflow (PoC) S
HTTP BarcodeWiz ActiveX Control 6.7 - 'TopText' Buffer Overflow (PoC) S
HTTP Bekirk CmsLite 'index.php' SQL Injection Vuln S
HTTP BitmixSoft PHP-Lance 'show.php' SQL Injection Vuln S
HTTP BitmixSoft PHP Jokesite 'print.php' SQL Injection Vuln S
HTTP Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow S
HTTP CodesGit Smart Chat 'admin.php' SQL Injection Vuln S
HTTP CodesGit Smart Chat 'index.php' SQL Injection Vuln S
HTTP Disk Pulse Enterprise 10.1.18 - Buffer Overflow S
HTTP Diving Log 6.0 - XML External Entity Injection S
HTTP DomainZaar D-Park Pro 'loginform.php' SQL Injection Vuln (From Server) S
HTTP DomainZaar D-Park Pro 'loginform.php' SQL Injection Vuln (To Server) S
HTTP Dynamic Newspaper, Magazine and Blog CMS Script 'admin_process.php' SQL Injection Vuln S
HTTP Dynamic Newspaper, Magazine and Blog CMS Script 'admin_process.php' SQL Injection Vuln_1 S
HTTP Firefox 54.0.1 - Denial of Service S
HTTP Fortune Scripts Expedia Clone 'content.php' SQL Injection Vuln S
HTTP Fortune Scripts Expedia Clone 'pages.php' SQL Injection Vuln S
HTTP Fortune Scripts Expedia Clone 'show-flight-result.php' SQL Injection Vuln S
HTTP Fortune Scripts Expedia Clone 'show-flight-result.php' SQL Injection Vuln_1 S
HTTP GetGo Download Manager 5.3.0.2712 - Buffer Overflow S
HTTP ITGuard-Manager 0.0.0.1 - Remote Code Execution S
HTTP Jenkins - XStream Groovy classpath Deserialization (Metasploit) S
HTTP Kony EMM 4.2.0 Private Key Disclosure S
HTTP Lansweeper 6.0.100.29 XXE Injection S
HTTP Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure S
HTTP Linksys WVBR0 - 'User-Agent' Remote Command Injection S
HTTP Matrimony Script 'homeads.php' SQL Injection Vuln S
HTTP Matrimony Script 'wedding.php' SQL Injection Vuln S
HTTP Matrimony Script 'wedding.php' SQL Injection Vuln_1 S
HTTP MetInfo CVE-2017-6878 HTML Injection Vulnerability S
HTTP Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' IsLoopPrePass S
HTTP Microsoft Edge Chakra JIT - 'Inline::InlineCallApplyTarget_Shared' return instruction S
HTTP Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free S
HTTP Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable S
HTTP Microsoft Windows - 'jscript!NameTblGetValDef' Use-After-Free S
HTTP Microsoft Windows - 'jscript!RegExpFncObjLastParen' Out-of-Bounds Read S
HTTP Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow S
HTTP MVC FineCMS 'get_image.php' Cross Site Scripting Vuln S
HTTP MVC FineCMS 'get_stat_data.php' SQL Injection Vuln S
HTTP MVC FineCMS 'index.php' Cross Site Scripting Vuln S
HTTP MVC FineCMS 'index.php' SQL Injection Vuln S
HTTP MyBB 'index.php' Cross Site Scripting Vuln (From Server) S
HTTP MyBB 'index.php' Cross Site Scripting Vuln (To Server) S
HTTP MyBuilder Clone 'phpsqlsearch_genxml.php' SQL Injection Vuln S
HTTP MyMagazine Magazine & Blog CMS 'admin_process.php' SQL Injection Vuln S
HTTP MyMagazine Magazine & Blog CMS 'admin_process.php' SQL Injection Vuln_1 S
HTTP Nelliwinne PHP Search Engine 'admin-delete.php' SQL Injection Vuln S
HTTP Nelliwinne PHP Search Engine 'go.php' SQL Injection Vuln S
HTTP NetTransport 2.96L - Buffer Overflow (DEP Bypass) S
HTTP Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit) S
HTTP OctoberCMS CSRF Vuln (From Server) S
HTTP OctoberCMS CSRF Vuln (To Server) S
HTTP Online Invoice System 'admin_invoice.php' SQL Injection Vuln S
HTTP Online Invoice System 'admin_invoice_print.php' SQL Injection Vuln S
HTTP Online Invoice System 'editclient.php' SQL Injection Vuln S
HTTP Online Invoice System 'edit_invoice.php' SQL Injection Vuln S
HTTP Pay Banner Text Link Ad 'index.php' SQL Injection Vuln S
HTTP Pay Banner Text Link Ad 'index.php' SQL Injection Vuln_1 S
HTTP Pay Banner Text Link Ad (Update Admin Password) CSRF (From Server) Vuln S
HTTP Pay Banner Text Link Ad (Update Admin Password) CSRF (To Server) Vuln S
HTTP Pay Banner Text Link Ad (Update Admin Username) CSRF (From Server) Vuln S
HTTP Pay Banner Text Link Ad (Update Admin Username) CSRF (To Server) Vuln S
HTTP PHP CityPortal 'index.php' SQL Injection Vuln S
HTTP PHP Coupon Script 'index.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Advance B2B Script 'tradeshow-list-detail.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Advance B2B Script 'view-product.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Basic B2B Script 'productcompanyinfo.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Basic B2B Script 'product_details.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Basic B2B Script 'product_view1.php' SQL Injection Vuln S
HTTP Posty Readymade Classifieds Script 'ads-details.php' SQL Injection Vuln S
HTTP Posty Readymade Classifieds Script 'listings.php' SQL Injection Vuln S
HTTP Protected Links Expiring Download Links 'index.php' SQL Injection Vuln (From Server) S
HTTP Protected Links Expiring Download Links 'index.php' SQL Injection Vuln (To Server) S
HTTP Readymade Video Sharing Script 3.2 - HTML Injection S
HTTP Responsive News, Magazine and Blog CMS Script 'admin_process.php' SQL Injection Vuln S
HTTP Responsive News, Magazine and Blog CMS Script 'admin_process.php' SQL Injection Vuln_1 S
HTTP ROCKYNU PHP Video Battle Script 'videobattle.html' SQL Injection Vuln S
HTTP ROCKYNU PHP Video Battle Script 'videobattle.html' SQL Injection Vuln_1 S
HTTP rowindex.com US Zip Codes Database 'index.php' SQL Injection Vuln S
HTTP Same Sex Dating Software Pro 'viewmessage.php' SQL Injection Vuln S
HTTP Same Sex Dating Software Pro 'viewprofile.php' SQL Injection Vuln S
HTTP SAP Adaptive Server Enterprise Denial of Service Vulnerability S
HTTP Scriptzee Online Print Business 'info.php' SQL Injection Vuln S
HTTP Scriptzee Online Print Business 'product-decs.php' SQL Injection Vuln S
HTTP Scriptzee My Builder Marketplace 'start_date' SQL Injection Vuln S
HTTP Scriptzee Professional Service Booking 'alllikes.php' SQL Injection Vuln S
HTTP Scriptzee Professional Service Booking 'best_pro_details.php' SQL Injection Vuln S
HTTP Scriptzee Professional Service Booking 'content.php' SQL Injection Vuln S
HTTP Scriptzee Restaurant Website Script 'cms.php' SQL Injection Vuln S
HTTP Scriptzee Restaurant Website Script 'contact.php' SQL Injection Vuln S
HTTP Shareet Photo Sharing Social Network 'photo' SQL Injection Vuln S
HTTP Shedix Mailing List Manager Pro 'edit' SQL Injection Vuln S
HTTP Shedix Mailing List Manager Pro 'edit' SQL Injection Vuln_1 S
HTTP SoftDatepro Dating Social Network 'viewmessage.php' SQL Injection Vuln S
HTTP SoftDatepro Dating Social Network 'viewprofile.php' SQL Injection Vuln S
HTTP Sokial Social Network Script 'members_view.php' SQL Injection Vuln S
HTTP Stalker Software CommuniGatePro Cross Site Scripting Vuln S
HTTP Subsonic 6.1.1 - Internet Radio Settings SSRF S
HTTP Subsonic 6.1.1 - Subscribe to Podcast SSRF S
HTTP Suraj Kumar Online Quiz Project 'result.php' SQL Injection Vuln S
HTTP Suraj Kumar Photogallery Project 'edit_profile_img.php' SQL Injection Vuln S
HTTP Suraj Kumar Photogallery Project 'page.php' SQL Injection Vuln S
HTTP Sync Breeze 10.2.12 - Denial of Service S
HTTP Techno Portfolio Management Panel 'single.php' SQL Injection Vuln S
HTTP Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service S
HTTP The Car Project 'info.php' SQL Injection Vuln S
HTTP Tuleap 9.6 Second-Order PHP Object Injection S
HTTP Ultimate HR System Directory Traversal Vuln S
HTTP Vastal I-Tech Agent Zone 'searchCommercial.php' SQL Injection Vuln S
HTTP Vastal I-Tech Agent Zone 'searchCommercial.php' SQL Injection Vuln_1 S
HTTP Vastal I-Tech Agent Zone 'searchCommercial.php' SQL Injection Vuln_2 S
HTTP Vastal I-Tech Agent Zone 'searchResidential.php' SQL Injection Vuln S
HTTP Vastal I-Tech Agent Zone 'searchResidential.php' SQL Injection Vuln_1 S
HTTP Vastal I-Tech Agent Zone 'searchResidential.php' SQL Injection Vuln_2 S
HTTP Vastal I-Tech Dating Zone 'add_to_cart.php' SQL Injection Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'Add User' CSRF (From Server) Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'Add User' CSRF (To Server) Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'Create Password' CSRF (From Server) Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'Create Password' CSRF (To Server) Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'Delete User' CSRF (From Server) Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'Delete User' CSRF (To Server) Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'users.php' Cross Site Scripting (From Server) Vuln S
HTTP Vlad Alexa Mancini Apache2Triad 'users.php' Cross Site Scripting (To Server) Vuln S
HTTP Watchguard Firebox XTM External Entity Expansion DoS S
HTTP Watchguard Firebox XTM RPC User Enumeration S
HTTP WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization S
HTTP Website Broker Script 'status_list.php' SQL Injection Vuln S
HTTP WebsiteScripts.org Fake Magazine Cover Script 'content.php' SQL Injection Vuln S
HTTP WebsiteScripts.org Fake Magazine Cover Script 'rate.php' SQL Injection Vuln S
HTTP Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit) S
HTTP WordPress Duplicator Migration 'view.step2.php' Cross Site Scripting Vuln S
HTTP WordPress Duplicator Migration 'view.step4.php' Cross Site Scripting Vuln S
HTTP WordPress Plugin JTRT Responsive Tables SQL Injection Vuln (From Server) S
HTTP WordPress Plugin JTRT Responsive Tables SQL Injection Vuln (To Server) S
HTTP WordPress Ultimate Instagram Feed plugin 'uif-access-token-display' XSS Vuln S
HTTP WordPress WP Mailster 'unsubscribe2.php' Cross Site Scripting Vuln S
HTTP Ynet Interactive SOA School Management 'Assignment.php' SQL Injection Vuln S
HTTP Ynet Interactive SOA School Management 'Fee.php' SQL Injection Vuln S
HTTP Ynet Interactive SOA School Management 'session_exam.php' SQL Injection Vuln S
HTTP Ynet Interactive SOA School Management 'Transaction.php' SQL Injection Vuln S
HTTP Ynet Interactive SOA School Management 'usersession_exam.php' SQL Injection Vuln S
HTTP Ynet Interactive SOA School Management 'YearBook.php' SQL Injection Vuln S
HTTP ZeeBuddy 2x 'editadgroup.php' SQL Injection Vuln S
HTTP Zoom Linux Client 2.0.106600.0904 - Command Injection S
IBM WebSphere - RCE Java Deserialization (Metasploit) S
IPFire 2.19 Update Core 110 - Remote Code Execution (Metasploit) S
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit) S
LabF nfsAxe FTP Client 3.7 - Buffer Overflow (DEP Bypass) S
osCommerce 2.3.4.1 - Arbitrary File Upload S
pfSense - Authenticated Group Member Remote Command Execution (Metasploit) S
pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit) S
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit) S
Siemens Simatic S7 1200 CPU Command Module (Metasploit) S
SMTP SysGauge 1.5.18 - Buffer Overflow S
Spectre Intel x86 CPU Information Leak Using Speculative Execution S
Spectre Javascript Information Leak Using Speculative Execution S
Supervisor 3.0 a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) S
SysGauge Server 3.6.18 - Buffer Overflow S
SysGauge Server 3.6.18 - Denial of Service S
Unitrends UEB 9 - http api-storage Remote Root (Metasploit) S
Xplico - Remote Code Execution (Metasploit) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
