Search

Traffic File Update - May 2018

This Traffic IQ Professional update for May 2018 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for May 2018

148 Application Exploits

Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability S
HTTP 99robots Wordpress Background Takeover 'download.php' Directory Traversal Vuln S
HTTP Adobe Flash - Info Leak in Image Inflation S
HTTP Adobe Flash - Out-of-Bounds Write in blur Filtering S
HTTP Adobe Flash - Overflow in Slab Rendering S
HTTP Adobe Flash - Overflow when Playing Sound S
HTTP Adobe Flash 28.0.0.161 - Use-After-Free S
HTTP Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution S
HTTP Bacula-Web 'client-report.php' SQL Injection Vuln S
HTTP Bacula-Web 'provided jobs.php' SQL Injection Vuln S
HTTP Chrome V8 - 'PropertyArray' Integer Overflow S
HTTP Chrome V8 - 'TranslatedStateMaterializeCapturedObjectAt' Type Confusion S
HTTP Chrome V8 JIT - 'AwaitedPromise' Update Bug S
HTTP Chrome V8 JIT - 'NodePropertiesInferReceiverMaps' Type Confusion S
HTTP ClipBucket - beats_uploader Unauthenticated Arbitrary File Upload (Metasploit) S
HTTP D-Link DIR-850L Wireless AC1200 Gigabit Cloud Router - 'category_view' Auth Bypass S
HTTP D-Link DIR-850L Wireless AC1200 Gigabit Cloud Router - 'folder_view' Auth Bypass S
HTTP Dell EMC Avamar and Integrated DPA Installation Manager - Unauthenticated Log Download S
HTTP Dell EMC Avamar and Integrated DPA Installation Manager - Unauthenticated Supp Password S
HTTP Dell EMC Avamar and Integrated DPA Installation Manager - Unauthenticated User Add S
HTTP DLink DIR-601 - Admin Password Disclosure S
HTTP DODOCOOL DC38 Mini Wireless Range Extend (Change WiFi Config) CSRF Vuln (From Server) S
HTTP DODOCOOL DC38 Mini Wireless Range Extend (Change WiFi Config) CSRF Vuln (To Server) S
HTTP DODOCOOL DC38 Mini Wireless Range Extend (edit user details) CSRF Vuln (From Server) S
HTTP DODOCOOL DC38 Mini Wireless Range Extend (edit user details) CSRF Vuln (To Server) S
HTTP DotNetNuke DNNarticle Module 11 - Directory Traversal S
HTTP Drupal 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) S
HTTP Drupal 8.3.9 8.4.6 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit) S
HTTP Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure S
HTTP Duplicator plugin for WordPress 'view.step4.php' Cross Site Scripting Vuln S
HTTP Enalean Tuleap 'criteria' SQL Injection Vuln S
HTTP Ericsson-LG iPECS NMS A.1Ac - Login Page SQL Injection S
HTTP Event Manager 'event.php' SQL Injection Vuln S
HTTP Event Manager 'page.php' SQL Injection Vuln S
HTTP Fancy Clone Script 'search_browse_product' SQL Injection Vuln S
HTTP Google Chrome V8 - 'ElementsAccessorBaseCollectValuesOrEntriesImpl' Type Confusion S
HTTP Google Chrome V8 - 'GenesisInitializeGlobal' Out-of-Bounds ReadWrite S
HTTP GPON Routers - Authentication Bypass S
HTTP GPON Routers - Command Injection S
HTTP Homematic CCU2 2.29.23 - Arbitrary File Write S
HTTP Homematic CCU2 2.29.23 - Remote Command Execution S
HTTP HRSALE The Ultimate HRM 'award_id' SQL Injection Vuln S
HTTP IceWarp Mail Server 'css.php' Directory Traversal Vuln S
HTTP IceWarp Mail Server 'index.php' Directory Traversal Vuln S
HTTP IceWarp Mail Server 'index.php' Directory Traversal Vuln_1 S
HTTP Joomla! Component CP Event Calendar 'index.php' SQL Injection Vuln S
HTTP Joomla! Component jDownloads 'moxie.swf' Cross Site Scripting Vuln S
HTTP Joomla! Component JE PayperVideo 'index.php' SQL Injection Vuln (From Server) S
HTTP Joomla! Component JE PayperVideo 'index.php' SQL Injection Vuln (To Server) S
HTTP Joomla! Component JEXTN Classified 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JEXTN Membership 'index.php' SQL Injection Vuln (From Server) S
HTTP Joomla! Component JEXTN Membership 'index.php' SQL Injection Vuln (To Server) S
HTTP Joomla! Component JEXTN Reverse Auction 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JMS Music 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JMS Music 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component JMS Music 'index.php' SQL Injection Vuln_2 S
HTTP Joomla! Component JSP Tickets 'index.php' SQL Injection Vuln S
HTTP Joomla! Component JSP Tickets 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component JSP Tickets 'ticketcode' SQL Injection Vuln S
HTTP Joomla! Component Visual Calendar 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln (From Server) S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln (To Server) S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln_1 (From Server) S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln_1 (To Server) S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln_2 (From Server) S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln_2 (To Server) S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln_3 (From Server) S
HTTP Joomla! Component Zh BaiduMap 'index.php' SQL Injection Vuln_3 (To Server) S
HTTP Joomla! Component Zh GoogleMap 'index.php' SQL Injection Vuln (From Server) S
HTTP Joomla! Component Zh GoogleMap 'index.php' SQL Injection Vuln (To Server) S
HTTP Joomla! Component Zh GoogleMap 'index.php' SQL Injection Vuln_1 (From Server) S
HTTP Joomla! Component Zh GoogleMap 'index.php' SQL Injection Vuln_1 (To Server) S
HTTP Joomla! Component Zh GoogleMap 'index.php' SQL Injection Vuln_2 (From Server) S
HTTP Joomla! Component Zh GoogleMap 'index.php' SQL Injection Vuln_2 (To Server) S
HTTP Joomla! Component Zh YandexMap 'index.php' SQL Injection Vuln (From Server) S
HTTP Joomla! Component Zh YandexMap 'index.php' SQL Injection Vuln (To Server) S
HTTP LifeSize ClearSea 3.1.4 - 'CDRS_BROWSE_GRID' Directory Traversal S
HTTP LifeSize ClearSea 3.1.4 - 'LOGS_BROWSE_GRID' Directory Traversal S
HTTP LifeSize ClearSea 3.1.4 - Authentication Bypass S
HTTP LifeSize ClearSea 3.1.4 - File Upload S
HTTP Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) S
HTTP Matrimonial Website Script 'view-profile.php' SQL Injection Vuln S
HTTP Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service S
HTTP Microsoft Office - Dynamic Data Exchange 'DDE' Payload Delivery (Metasploit) S
HTTP Monstra CMS 3.0.4 - Arbitrary Folder Deletion S
HTTP MySQL Squid Access Report 'index.php' Cross Site Scripting Vuln S
HTTP NAT32 2.2 Build 22284 - Remote Command Execution S
HTTP Ncomputing vSpace Pro 10-11 - Directory Traversal S
HTTP NixCMS 'single.php' SQL Injection Vuln S
HTTP Online Test Script 'cid' SQL Injection Vuln S
HTTP osCommerce 2.3.4.1 - Remote Code Execution S
HTTP PACSOne Server 'userSignup.php' SQL Injection Vuln S
HTTP PACSOne Server 'userSignup.php' SQL Injection Vuln_1 S
HTTP PHP Scripts Mall Multilanguage Real Estate MLM Script 'srch' SQL Injection Vuln S
HTTP PHP Scripts Mall Naukri Clone Script 'searchresult.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Paypal Money Transfer Clone Script 'acctype' SQL Injection Vuln S
HTTP PHP Scripts Mall Paypal Money Transfer Clone Script 'id' SQL Injection Vuln S
HTTP Primefaces 5.x - Remote Code Execution (Metasploit) S
HTTP ProcessMaker - Plugin Upload (Metasploit) S
HTTP PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service) S
HTTP Redaxo CMS Addon MyEvents 'index.php' SQL Injection Vuln S
HTTP Rvsitebuilder CMS - Database Backup Download S
HTTP Secutech RiS-11RiS-22RiS-33 - Remote DNS Change S
HTTP SimpleCE 'index.php' Cross Site Scripting Vuln S
HTTP SimpleCE 'index.php' CSRF (Add Admin User) Vuln (From Server) S
HTTP SimpleCE 'index.php' CSRF (Add Admin User) Vuln (To Server) S
HTTP SimpleCE 'index.php' CSRF (Modify User) Vuln (From Server) S
HTTP SimpleCE 'index.php' CSRF (Modify User) Vuln (To Server) S
HTTP TBK DVR4104 DVR4216 - Credentials Leak S
HTTP Tenda FH303A300 Firmware v5.07.68_EN - Remote DNS Change S
HTTP Tenda W3002RA302w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC) S
HTTP Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change S
HTTP Tenda W316R Wireless Router 5.07.50 - Remote DNS Change S
HTTP TextPattern 'index.php' SQL Injection Vuln S
HTTP TmdStudio Real Estate Custom Script 'index.php' SQL Injection Vuln S
HTTP TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Config File Disclosure S
HTTP TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - System Log Disclosure S
HTTP TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot S
HTTP Trend Micro Control Manager - ImportFile Directory Traversal RCE (Metasploit) S
HTTP Vastal I-Tech Buddy Zone 'chat_window.php' SQL Injection Vuln S
HTTP Vastal I-Tech Buddy Zone 'search_events.php' SQL Injection Vuln S
HTTP VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal S
HTTP VLC Media PlayerKodiPopcornTime 'Red Chimera' 2.2.5 - Memory Corruption (PoC) S
HTTP WebKit - 'WebCoreFrameViewclientToLayoutViewportPoint' Use-After-Free S
HTTP WebKit - WebAssembly Parsing Does not Correctly Check Section Order S
HTTP Western Bridge Cobub Razor 'channel_name' SQL Injection Vuln S
HTTP Western Bridge Cobub Razor 'platform' SQL Injection Vuln S
HTTP Western Bridge Cobub Razor (Add New Superuser) Bypass Security Vuln (From Server) S
HTTP Western Bridge Cobub Razor (Add New Superuser) Bypass Security Vuln (To Server) S
HTTP WolfCMS (Change plugin settings) Cross Site Request Forgery Vuln (From Server) S
HTTP WolfCMS (Change plugin settings) Cross Site Request Forgery Vuln (To Server) S
HTTP WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution S
HTTP WordPress Plugin Google Drive 2.2 - Remote Code Execution S
HTTP WordPress Plugin WP with Spritz 1.0 - Directory Traversal S
HTTP WordPress Plugin WP with Spritz 1.0 - Open Redirect S
HTTP WpDevArt Polls plugin for WordPress 'fornt_end.php' SQL Injection Vuln S
HTTP WUZHI CMS 'index.php' CSRF Vuln (From Server) S
HTTP WUZHI CMS 'index.php' CSRF Vuln (To Server) S
HTTP Z-Blog 1.5.1.1740 - Admin (footer, header, top, left) Full Path Disclosure S
Kaspersky KSN for Linux 5.2 - Memory Corruption S
Malware GET Request Associated with Trickbot Malware (185.159.130.139 - table.png) S
Malware GET Request Associated with Trickbot Malware (185.159.130.139 - toler.png) S
Malware GET Request Associated with Trickbot Malware (basedow-bilder.de) S
Malware GET Request Associated with Trickbot Malware (ipecho.net) S
Malware TLS Traffic Associated with Trickbot Malware (191.6.18.166 port 449) S
Malware TLS Traffic Associated with Trickbot Malware (92.53.67.190 port 447) S
MikroTik 6.41.4 - FTP daemon Denial of Service PoC S
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.