Search

Traffic File Update - December 2016

This Traffic IQ Professional update for December 2016 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for December 2016

146 Application Exploits

Blacknurse Low Bandwidth Denial of Service Vulnerability S
HTTP ARG-W4 ADSL Router CSRF (Change DNS) Vulnerability (From Server) S
HTTP ARG-W4 ADSL Router CSRF (Change DNS) Vulnerability (To Server) S
HTTP Atbox.io Open Redirect S
HTTP Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal S
HTTP AVTECH IP Camera NVR and DVR Devices - '.cab' Authentication Bypass S
HTTP AVTECH IP Camera NVR and DVR Devices - 'adcommand.cgi' Command Injection S
HTTP AVTECH IP Camera NVR and DVR Devices - 'CloudSetup.cgi' Command Injection S
HTTP AVTECH IP Camera NVR and DVR Devices - 'Machine.cgi' Information Disclosure S
HTTP AVTECH IP Camera NVR and DVR Devices - 'nobody' Authentication Bypass S
HTTP AVTECH IP Camera NVR and DVR Devices - 'PwdGrp.cgi' Command Injection S
HTTP AVTECH IP Camera NVR and DVR Devices - 'Search.cgi' Command Injection S
HTTP AVTECH IP Camera NVR and DVR Devices - Login Captcha Bypass S
HTTP AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector S
HTTP BelliniSupercook Wi-Fi Yumi SC200 - Remote Command Execution S
HTTP BirdBlog entries.php CSRF (Add New Post) Vulnerability (From Server) S
HTTP BirdBlog entries.php CSRF (Add New Post) Vulnerability (To Server) S
HTTP Chaordic Search Cross Site Scripting Vulnerability S
HTTP ChatNow login.php SQL Injection Vulnerability S
HTTP Cisco Unified Communications Manager interface Directory Traversal Vulnerability S
HTTP Crestron AirMedia login.cgi Directory Traversal Vulnerability S
HTTP Davolink DV-2051 - 'srvName' Cross Site Scripting S
HTTP Davolink DV-2051 - Unauthenticated Admin Password Change CSRF S
HTTP Davolink DV-2051 - WPA2 Key Change CSRF S
HTTP Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit) S
HTTP DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow S
HTTP e107 Bootstrap CMS Cross Site Scripting Vulnerability S
HTTP e107 Bootstrap CMS Cross Site Scripting Vulnerability_1 S
HTTP e107 Bootstrap CMS CSRF Vulnerability (From Server) S
HTTP e107 Bootstrap CMS CSRF Vulnerability (To Server) S
HTTP EasyPHP Devserver 16.1.1 Cross Site Request Forgery RCE (From Server) S
HTTP EasyPHP Devserver 16.1.1 Cross Site Request Forgery RCE (To Server) S
HTTP Edge SkateShop - Authentication bypass S
HTTP EditMe CMS CSRF (Add New Admin) Vulnerability (From Server) S
HTTP EditMe CMS CSRF (Add New Admin) Vulnerability (To Server) S
HTTP Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit) S
HTTP InfraPower Cross Site Scripting Vulnerability S
HTTP InfraPower Cross Site Scripting Vulnerability_1 S
HTTP InfraPower PPS-02-S Q213V1 - 'ConnPort.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'CSSSource.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'dball.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'doupgrate.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'IPSettings.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'ListFile.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'Menu.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'Ntp.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'PDUDetails_Ajax_Details.php' Insecure Direct Object Ref S
HTTP InfraPower PPS-02-S Q213V1 - 'PDULog.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'PortSettings.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'production_test1.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - 'UploadEXE.php' Insecure Direct Object Reference S
HTTP InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution S
HTTP Jobberbase 2.0 - 'category' Local Path Disclosure S
HTTP Jobberbase 2.0 - 'count' Local Path Disclosure S
HTTP Jobberbase 2.0 - 'days_behind' Local Path Disclosure S
HTTP Jobberbase 2.0 - 'days_behind' SQL Injection S
HTTP Jobberbase 2.0 - 'random' Local Path Disclosure S
HTTP Jobberbase 2.0 - 'type' Local Path Disclosure S
HTTP JonhCMS go.php SQL Injection Vulnerability S
HTTP Joomla DT Register index.php SQL Injection Vulnerability S
HTTP Kodi Web Server 16.1 - Denial of Service S
HTTP Le Logicie Llibre Categorizator SQL injection Vulnerability S
HTTP Lepton add.php SQL injection Vulnerability S
HTTP Lepton index.php SQL injection Vulnerability S
HTTP Lepton tool.php SQL injection Vulnerability S
HTTP Maian Weblog CSRF (Add New Post) Vulnerability (From Server) S
HTTP Maian Weblog CSRF (Add New Post) Vulnerability (To Server) S
HTTP Memcached 1.4.33 - 'Add' PoC S
HTTP Memcached 1.4.33 - 'Crash' PoC S
HTTP Memcached 1.4.33 - 'sasl' PoC S
HTTP Micro Focus Filr 2 2.0.0.421, Filr 1.2 1.2.0.846 - CSRF RCE (From Server) S
HTTP Micro Focus Filr 2 2.0.0.421, Filr 1.2 1.2.0.846 - CSRF RCE (To Server) S
HTTP Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow S
HTTP Microsoft Edge - 'Function.apply' Information Leak (MS16-119) S
HTTP Microsoft Edge - JSON.parse Info Leak S
HTTP Microsoft Edge - Spread Operator Stack Overflow (MS16-119) S
HTTP MS Internet Explorer jscript9 - Java-Script-Stack-Walker Memory Corruption (MS15-056) S
HTTP My Little Forum XSS Vulnerability_10 (From Server) S
HTTP My Little Forum XSS Vulnerability_10 (To Server) S
HTTP My Little Forum XSS Vulnerability_11 (From Server) S
HTTP My Little Forum XSS Vulnerability_11 (To Server) S
HTTP My Little Forum XSS Vulnerability_3 (From Server) S
HTTP My Little Forum XSS Vulnerability_3 (To Server) S
HTTP My Little Forum XSS Vulnerability_4 (From Server) S
HTTP My Little Forum XSS Vulnerability_4 (To Server) S
HTTP My Little Forum XSS Vulnerability_5 (From Server) S
HTTP My Little Forum XSS Vulnerability_5 (To Server) S
HTTP My Little Forum XSS Vulnerability_6 (From Server) S
HTTP My Little Forum XSS Vulnerability_6 (To Server) S
HTTP My Little Forum XSS Vulnerability_7 (From Server) S
HTTP My Little Forum XSS Vulnerability_7 (To Server) S
HTTP My Little Forum XSS Vulnerability_8 (From Server) S
HTTP My Little Forum XSS Vulnerability_8 (To Server) S
HTTP My Little Forum XSS Vulnerability_9 (From Server) S
HTTP My Little Forum XSS Vulnerability_9 (To Server) S
HTTP OpenCimetiere Blind SQL Injection Vulnerability S
HTTP ownCloud 8.2.1 8.1.4 8.0.9 Information Exposure S
HTTP SAP NetWeaver AS Java NavigationURLTester Cross Site Scripting Vulnerability S
HTTP Schoolhos CMS 'kelas' SQL Injection Vulnerability S
HTTP Schoolhos CMS SQL Injection Vulnerability S
HTTP Shuttle Tech ADSL Wireless 920 WM - 'page' Cross Site Scripting S
HTTP Simple Forum PHP admin.php SQL Injection Vulnerability S
HTTP Simple Forum PHP admin.php SQL Injection Vulnerability_1 S
HTTP Simple Personal Message plugin for WordPress SQL Injection Vulnerability S
HTTP Simple Shopping Cart Application SQL Injection Vulnerability S
HTTP SweetRice Cross Site Request Forgery Vulnerability (From Server) S
HTTP SweetRice Cross Site Request Forgery Vulnerability (To Server) S
HTTP TP-LINK TD-W8951ND - Denial of Service S
HTTP WordPress Image Gallery Plugin Cross Site Scripting Vulnerability (From Server) S
HTTP WordPress Image Gallery Plugin Cross Site Scripting Vulnerability (To Server) S
HTTP WordPress Insert HTML Snippet CSRF Vulnerability (From Server) S
HTTP WordPress Insert HTML Snippet CSRF Vulnerability (To Server) S
HTTP WordPress MailChimp admin.php Cross Site Scripting Vulnerability S
HTTP Wordpress Plugin Answer My Question SQL Injection Vulnerability (From Server) S
HTTP Wordpress Plugin Answer My Question SQL Injection Vulnerability (To Server) S
HTTP Wordpress Plugin BBS e-Franchise SQL Injection Vulnerability S
HTTP WordPress Plugin Instagram Feed CSRF Vulnerability (From Server) S
HTTP WordPress Plugin Instagram Feed CSRF Vulnerability (To Server) S
HTTP Wordpress Plugin Olimometer SQL Injection Vulnerability S
HTTP Wordpress Plugin Product Catalog SQL Injection Vulnerability (From Server) S
HTTP Wordpress Plugin Product Catalog SQL Injection Vulnerability (To Server) S
HTTP Wordpress Plugin Sirv SQL Injection Vulnerability (From Server) S
HTTP Wordpress Plugin Sirv SQL Injection Vulnerability (To Server) S
HTTP X5 Webserver 5.0 Remote Denial Of Service S
HTTP Xfinity Gateway - Remote Code Execution S
Malware DNS Request (TCP) for domain related to Chthonic Trojan (pationare.bit) S
Malware DNS Request for domain related to Chthonic Trojan (pationare.bit) S
Malware DNS Request for domain related to Sundown EK (ah.0346.mobi) S
Malware DNS Request for domain related to Sundown EK (fp.0498.mobi) S
Malware DNS Request for domain related to Sundown EK (iw.0541.mobi) S
Malware DNS Request for domain related to Sundown EK (mu.0547.mobi) S
Malware DNS Request for domain related to Sundown EK (sof.0144.mobi) S
Malware DNS Request for domain related to Sundown EK (zwh.0142.mobi) S
Malware DNS Request for domain related to Terdot-A-Zloader (settledness.ru) S
Malware GET Request for Exploit File Related to Sundown EK (ah.0346.mobi) S
Malware GET Request for Exploit File Related to Sundown EK (fp.0498.mobi) S
Malware GET Request for Exploit File Related to Sundown EK (iw.0541.mobi) S
Malware GET Request for Payload Related to Sundown EK (sof.0144.mobi) S
Malware GET Request for Payload Related to Sundown EK (sof.0144.mobi)_1 S
Malware GET Request for Payload Related to Sundown EK (zwh.0142.mobi) S
Malware Landing Page Request and File Download Related to Sundown EK (ah.0346.mobi) S
Malware Landing Page Request and File Download Related to Sundown EK (fp.0498.mobi) S
Malware Landing Page Request and File Download Related to Sundown EK (iw.0541.mobi) S
Malware Landing Page Request and File Download Related to Sundown EK (mu.0547.mobi) S
Malware Post Infection POST Request initialted by Chthonic Trojan (pationare.bit) S
Malware Post Infection POST Request initialted by Terdot-A-Zloader (settledness.ru) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.