Traffic IQ Professional
Traffic File Update for February 2018
200 Application Exploits
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow S
Apple WebKit - 'WebCore InputType element' Use-After-Free S
Apple WebKit - 'WebCore Node getFlag' Use-After-Free S
Apple WebKit - 'WebCore PositionIterator decrement' Use-After-Free S
Apple WebKit - 'WebCore RenderObject previousSibling' Use-After-Free S
Apple WebKit - 'WebCore RenderText localCaretRect' Out-of-Bounds Read S
Apple WebKit - 'WebCore SimpleLineLayout RunResolver runForPoint' Out-of-Bounds Read S
Apple WebKit - 'WebCore Style TreeResolver styleForElement' Use-After-Free S
Apple WebKit - 'WebCore SVGPatternElement collectPatternAttributes' Out-of-Bounds Read S
D-Link Routers 110-412-615-815 v1.03 - 'service.cgi' Arbitrary Code Execution S
Disk Boss Enterprise 8.5.12 Denial Of Service S
Disk Pulse Enterprise 10.1.18 - Denial of Service S
Disk Pulse Enterprise 10.1.18 Denial Of Service S
DiskBoss Enterprise 8.5.12 - Denial of Service S
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit) S
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit) S
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow (Metasploit) S
Flash Operator Panel 2.31.03 - Command Execution S
FTP Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit) S
HTTP Acurax Social Media Widget plugin 'admin-ajax.php' CSRF Vuln (From Server) S
HTTP Acurax Social Media Widget plugin 'admin-ajax.php' CSRF Vuln (To Server) S
HTTP Adobe Flash - ATF Planar Decompression Heap Overflow S
HTTP Adobe Flash - AVC Header Slicing Heap Overflow S
HTTP Adobe Flash - Metadata Parsing Out-of-Bounds Read S
HTTP Adobe Flash - MovieClip Attach init Object Use-After-Free S
HTTP Adobe Flash - SWF Stack Corruption S
HTTP Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_1 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_2 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_3 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_4 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_5 S
HTTP Biometric Shift Employee Management System 3.0 - Local File Disclosure S
HTTP BizLogic Xnami Cross Site Scripting Vuln S
HTTP BrightSign Digital Signage - 'network_diagnostics.html' Cross Site Scripting S
HTTP BrightSign Digital Signage - 'storage_info.html' Cross Site Scripting S
HTTP BrightSign Digital Signage - Information Disclosure S
HTTP Cisco ASA Remote Code Execution and Denial of Service S
HTTP CMS Tree Page View Plugin for WordPress CSRF Vuln (From Server) S
HTTP CMS Tree Page View Plugin for WordPress CSRF Vuln (To Server) S
HTTP Codester DomainSale PHP Script 'domain.php' SQL Injection Vuln S
HTTP Conarc iChannel - Improper Access Restrictions S
HTTP D-Link DNS-320 ShareCenter 1.06 - Remote Command Injection S
HTTP Domains & Hostings Manager PRO 3.0 - Authentication Bypass S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln (To Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_1 (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_1 (To Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_2 (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_2 (To Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_3 (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_3 (To Server) S
HTTP FiberHome LM53Q1 - Admin Password CSRF S
HTTP FiberHome LM53Q1 - Device Statistics Information Disclosure S
HTTP FiberHome LM53Q1 - User Accounts Information Disclosure S
HTTP Flash Slideshow Maker Professional - Cross Site Scripting S
HTTP Flash Slideshow Maker Professional - Open Redirect S
HTTP Fortune Scripts Groupon Clone 'item_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Groupon Clone 'vendor_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Crowdfunding Script 'latest_news_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Event Search Script 'city' SQL Injection Vuln S
HTTP Fortune Scripts Gigs Script 'browse-category.php' SQL Injection Vuln S
HTTP Fortune Scripts Gigs Script 'browse-scategory.php' SQL Injection Vuln S
HTTP Fortune Scripts Gigs Script 'service-provider.php' SQL Injection Vuln S
HTTP Fortune Scripts Linkedin Clone 'company_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Linkedin Clone 'group.php' SQL Injection Vuln S
HTTP Fortune Scripts Linkedin Clone 'profile.php' SQL Injection Vuln S
HTTP Fortune Scripts Quibids Clone 'itechd.php' SQL Injection Vuln S
HTTP FortuneScripts Basic Job Site Script SQL Injection Vuln (From Server) S
HTTP FortuneScripts Basic Job Site Script SQL Injection Vuln (To Server) S
HTTP FortuneScripts Beauty Parlour Booking Script 'city' SQL Injection Vuln S
HTTP FortuneScripts Beauty Parlour Booking Script 'gender' SQL Injection Vuln S
HTTP FortuneScripts Care Clone 'searchJob.php' SQL Injection Vuln S
HTTP FortuneScripts Care Clone 'searchJob.php' SQL Injection Vuln_1 S
HTTP FortuneScripts Ebay Clone 'product.php' SQL Injection Vuln S
HTTP FortuneScripts Ebay Clone 'search.php' SQL Injection Vuln S
HTTP FortuneScripts Ebay Clone 'search.php' SQL Injection Vuln_1 S
HTTP FortuneScripts Foodpanda Clone SQL Injection Vuln (From Server) S
HTTP FortuneScripts Foodpanda Clone SQL Injection Vuln (To Server) S
HTTP FortuneScripts Trademe Clone 'general_item_details.php' SQL Injection Vuln S
HTTP FortuneScripts Trademe Clone 'search_item.php' SQL Injection Vuln S
HTTP Huawei Router HG532 - Arbitrary Command Execution S
HTTP IKARUS AntiVirus 2.16.7 Privilege Escalation S
HTTP ILIAS 'ilSetupGUI.php' Cross Site Scripting Vuln S
HTTP Joomla! Component Guru Pro 'promocode' SQL Injection Vuln S
HTTP Joomla! Component User Bench 'index.php' SQL Injection Vuln S
HTTP Joomla! JB Visa Extension 'index.php' SQL Injection Vuln S
HTTP Oracle E-Business Suite 12.1.312.2.x - Open Redirect S
HTTP Oracle WebLogic 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution S
HTTP Palo Alto Networks Firewalls - 'debug.php' Information Disclosure S
HTTP Palo Alto Networks Firewalls - Session Corruption S
HTTP PerfexCRM 1.9.7 - '.php5' Arbitrary File Upload S
HTTP PerfexCRM 1.9.7 - TEXT Line Arbitrary File Upload S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_1 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_2 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_3 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_4 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_5 S
HTTP PHP Scripts Mall Advanced World Database 'city.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Advanced World Database 'city.php' SQL Injection Vuln_1 S
HTTP PHP Scripts Mall Advanced World Database 'state.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Bus Booking Script 'txtname' SQL Injection Vuln (From Server) S
HTTP PHP Scripts Mall Bus Booking Script 'txtname' SQL Injection Vuln (To Server) S
HTTP PHP Scripts Mall Cab Booking Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Car Rental Script 'countrycode1.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Chartered Accountant Booking Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Child Care Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Co-work Space Search Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Consumer Complaints Clone Script 'id' SQL Injection Vuln S
HTTP PHP Scripts Mall Doctor Search Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall E-commerce MLM Software 'event_detail.php' SQL Injection Vuln S
HTTP PHP Scripts Mall E-commerce MLM Software 'news_detail.php' SQL Injection Vuln S
HTTP PHP Scripts Mall E-commerce MLM Software 'service_detail.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Entrepreneur Bus Booking Script 'booker_details.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln_1 S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln_2 S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln_3 S
HTTP PHP Scripts Mall Entrepreneur Job Portal Script 'jobsearch_all.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Facebook Clone 'friend-profile.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Facebook Clone 'process.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Food Order Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Foodspotting Clone Script 'quicksearch.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Freelance Website Script 'jobdetails.php' SQL Injection Vuln S
HTTP Samsung Internet Browser SOP Bypass S
HTTP Synology DiskStation Manager (DSM) 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration S
HTTP Synology Photo Station 6.8.2-3461 - Cross Site Scripting S
HTTP Telesquare SKT LTE Router SDT-CS3B1 - 'getModemStatus' Information Disclosure S
HTTP Telesquare SKT LTE Router SDT-CS3B1 - 'getUiccState' Information Disclosure S
HTTP Telesquare SKT LTE Router SDT-CS3B1 - 'SystemInfo' Information Disclosure S
HTTP Telesquare SKT LTE Router SDT-CS3B1 CSRF Vuln (From Server) S
HTTP Telesquare SKT LTE Router SDT-CS3B1 CSRF Vuln (To Server) S
HTTP Trend Micro Smart Protection Server - 'activeupdate' PHP Code Execution S
HTTP Trend Micro Smart Protection Server - 'credentials' Improper Access Control S
HTTP Trend Micro Smart Protection Server - 'database' Improper Access Control S
HTTP Trend Micro Smart Protection Server - Remote Command Execution S
HTTP Trend Micro Smart Protection Server - Stored Cross-Site Scripting S
HTTP Vanguard 1.4 - Arbitrary File Upload S
HTTP Vanguard 1.4 - SQL Injection S
HTTP WDMyCloud 2.30.165 - 'count' Command Injection S
HTTP WDMyCloud 2.30.165 - 'DsdkProxy.php' Command Injection S
HTTP WDMyCloud 2.30.165 - Unauthenticated Language Reset S
HTTP WDMyCloud 2.30.165 - Users Information Disclosure S
HTTP WebKit - 'WebCoreFormSubmissioncreate' Use-After-Free S
HTTP WordPress Plugin Admin Menu Tree Page View 'admin-ajax.php' CSRF Vuln (From Server) S
HTTP WordPress Plugin Admin Menu Tree Page View 'admin-ajax.php' CSRF Vuln (To Server) S
HTTP WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload S
HTTP WordPress Plugin Smart Google Code Inserter 3.5 - Code Insertion S
HTTP WordPress Plugin Smart Google Code Inserter 3.5 - SQL Injection S
HTTP WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass S
HTTP WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery S
HTTP Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure S
HTTP Zivif PR115-204-P-RS 2.3.4.2103 - Authentication Bypass S
HTTP Zivif PR115-204-P-RS 2.3.4.2103 - Command Injection S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_1 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_10 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_2 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_3 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_4 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_5 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_6 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_7 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_8 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_9 S
Iopsys Router - 'dhcp' Remote Code Execution S
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit) S
Malware GET Request to Server associated with LinkedIn Phishing Campaign (bit.ly.2bnssjz) S
Malware GET Request to Server associated with Office 365 Phishing Campaign (bit.ly.2nrb8wf) S
Malware HTTP GET Request Associated with Fake Flash Updater (1sjs21891.ru)_1 S
Malware HTTP GET Request Associated with Fake Flash Updater (1sjs21891.ru)_2 S
Malware HTTP GET Request Associated with Fake Flash Updater (5chrup56.ru) S
Malware HTTP GET Request Associated with Fake Flash Updater (adobeflashplayer.ki1ahb.xyz)_1 S
Malware HTTP GET Request Associated with Fake Flash Updater (adobeflashplayer.ki1ahb.xyz)_2 S
Malware HTTP GET Request Associated with Fake Flash Updater (adobeflashplayer.ki1ahb.xyz)_3 S
Malware HTTP GET Request Associated with Fake Flash Updater (github.com) S
Malware HTTP GET Request Associated with Fake Flash Updater (raw.githubusercontent.com) S
Malware HTTP GET Request Associated with Fake Flash Updater (zad33a.ru) S
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read S
Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read S
Microsoft Edge Chakra JIT - 'Lowerer LowerSetConcatStrMultiItem' Missing Integer S
Microsoft Edge Chakra JIT - BackwardPass RemoveEmptyLoopAfterMemOp Does not Insert Branches S
Microsoft Edge Chakra JIT - Escape Analysis Bug S
Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray S
Monstra CMS 3.0.4 - Arbitrary File Upload Remote Code Execution S
NodeJS Debugger - Command Injection (Metasploit) S
Oracle WebLogic - WLS-WSAT Component Deserialization Remote Code Execution (Metasploit) S
Ruby CVE-2017-17405 Command Execution Vulnerability S
Samsung Internet Browser - SOP Bypass (Metasploit) S
Sync Breeze Enterprise 10.1.16 - Denial of Service S
Sync Breeze Enterprise 10.1.16 Denial Of Service S
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit) S
Technicolor DPC3928SL - SNMP Authentication Bypass S
Trend Micro OfficeScan 11.0 & XG (12.0) - Remote Code Execution (Metasploit) S
Ulterius Server 1.9.5.0 - Directory Traversal S
VX Search Enterprise 10.1.12 - Denial of Service S
VX Search Enterprise 10.1.12 Denial Of Service S
Yawcam 0.6.0 Directory Traversal S