
Traffic File Update - February 2018

This Traffic IQ Professional update for February 2018 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for February 2018

200 Application Exploits

Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow S
Apple WebKit - 'WebCore InputType element' Use-After-Free S
Apple WebKit - 'WebCore Node getFlag' Use-After-Free S
Apple WebKit - 'WebCore PositionIterator decrement' Use-After-Free S
Apple WebKit - 'WebCore RenderObject previousSibling' Use-After-Free S
Apple WebKit - 'WebCore RenderText localCaretRect' Out-of-Bounds Read S
Apple WebKit - 'WebCore SimpleLineLayout RunResolver runForPoint' Out-of-Bounds Read S
Apple WebKit - 'WebCore Style TreeResolver styleForElement' Use-After-Free S
Apple WebKit - 'WebCore SVGPatternElement collectPatternAttributes' Out-of-Bounds Read S
D-Link Routers 110-412-615-815 v1.03 - 'service.cgi' Arbitrary Code Execution S
Disk Boss Enterprise 8.5.12 Denial Of Service S
Disk Pulse Enterprise 10.1.18 - Denial of Service S
Disk Pulse Enterprise 10.1.18 Denial Of Service S
DiskBoss Enterprise 8.5.12 - Denial of Service S
DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit) S
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit) S
Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow (Metasploit) S
Flash Operator Panel 2.31.03 - Command Execution S
FTP Ayukov NFTP FTP Client 2.0 - Buffer Overflow (Metasploit) S
HTTP Acurax Social Media Widget plugin 'admin-ajax.php' CSRF Vuln (From Server) S
HTTP Acurax Social Media Widget plugin 'admin-ajax.php' CSRF Vuln (To Server) S
HTTP Adobe Flash - ATF Planar Decompression Heap Overflow S
HTTP Adobe Flash - AVC Header Slicing Heap Overflow S
HTTP Adobe Flash - Metadata Parsing Out-of-Bounds Read S
HTTP Adobe Flash - MovieClip Attach init Object Use-After-Free S
HTTP Adobe Flash - SWF Stack Corruption S
HTTP Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_1 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_2 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_3 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_4 S
HTTP Applebite Media Movie Guide 'index.php' SQL Injection Vuln_5 S
HTTP Biometric Shift Employee Management System 3.0 - Local File Disclosure S
HTTP BizLogic Xnami Cross Site Scripting Vuln S
HTTP BrightSign Digital Signage - 'network_diagnostics.html' Cross Site Scripting S
HTTP BrightSign Digital Signage - 'storage_info.html' Cross Site Scripting S
HTTP BrightSign Digital Signage - Information Disclosure S
HTTP Cisco ASA Remote Code Execution and Denial of Service S
HTTP CMS Tree Page View Plugin for WordPress CSRF Vuln (From Server) S
HTTP CMS Tree Page View Plugin for WordPress CSRF Vuln (To Server) S
HTTP Codester DomainSale PHP Script 'domain.php' SQL Injection Vuln S
HTTP Conarc iChannel - Improper Access Restrictions S
HTTP D-Link DNS-320 ShareCenter 1.06 - Remote Command Injection S
HTTP Domains & Hostings Manager PRO 3.0 - Authentication Bypass S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln (To Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_1 (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_1 (To Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_2 (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_2 (To Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_3 (From Server) S
HTTP Easy!Appointments WordPress plugins 'index.php' XSS Vuln_3 (To Server) S
HTTP FiberHome LM53Q1 - Admin Password CSRF S
HTTP FiberHome LM53Q1 - Device Statistics Information Disclosure S
HTTP FiberHome LM53Q1 - User Accounts Information Disclosure S
HTTP Flash Slideshow Maker Professional - Cross Site Scripting S
HTTP Flash Slideshow Maker Professional - Open Redirect S
HTTP Fortune Scripts Groupon Clone 'item_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Groupon Clone 'vendor_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Crowdfunding Script 'latest_news_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Event Search Script 'city' SQL Injection Vuln S
HTTP Fortune Scripts Gigs Script 'browse-category.php' SQL Injection Vuln S
HTTP Fortune Scripts Gigs Script 'browse-scategory.php' SQL Injection Vuln S
HTTP Fortune Scripts Gigs Script 'service-provider.php' SQL Injection Vuln S
HTTP Fortune Scripts Linkedin Clone 'company_details.php' SQL Injection Vuln S
HTTP Fortune Scripts Linkedin Clone 'group.php' SQL Injection Vuln S
HTTP Fortune Scripts Linkedin Clone 'profile.php' SQL Injection Vuln S
HTTP Fortune Scripts Quibids Clone 'itechd.php' SQL Injection Vuln S
HTTP FortuneScripts Basic Job Site Script SQL Injection Vuln (From Server) S
HTTP FortuneScripts Basic Job Site Script SQL Injection Vuln (To Server) S
HTTP FortuneScripts Beauty Parlour Booking Script 'city' SQL Injection Vuln S
HTTP FortuneScripts Beauty Parlour Booking Script 'gender' SQL Injection Vuln S
HTTP FortuneScripts Care Clone 'searchJob.php' SQL Injection Vuln S
HTTP FortuneScripts Care Clone 'searchJob.php' SQL Injection Vuln_1 S
HTTP FortuneScripts Ebay Clone 'product.php' SQL Injection Vuln S
HTTP FortuneScripts Ebay Clone 'search.php' SQL Injection Vuln S
HTTP FortuneScripts Ebay Clone 'search.php' SQL Injection Vuln_1 S
HTTP FortuneScripts Foodpanda Clone SQL Injection Vuln (From Server) S
HTTP FortuneScripts Foodpanda Clone SQL Injection Vuln (To Server) S
HTTP FortuneScripts Trademe Clone 'general_item_details.php' SQL Injection Vuln S
HTTP FortuneScripts Trademe Clone 'search_item.php' SQL Injection Vuln S
HTTP Huawei Router HG532 - Arbitrary Command Execution S
HTTP IKARUS AntiVirus 2.16.7 Privilege Escalation S
HTTP ILIAS 'ilSetupGUI.php' Cross Site Scripting Vuln S
HTTP Joomla! Component Guru Pro 'promocode' SQL Injection Vuln S
HTTP Joomla! Component User Bench 'index.php' SQL Injection Vuln S
HTTP Joomla! JB Visa Extension 'index.php' SQL Injection Vuln S
HTTP Oracle E-Business Suite 12.1.312.2.x - Open Redirect S
HTTP Oracle WebLogic 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution S
HTTP Palo Alto Networks Firewalls - 'debug.php' Information Disclosure S
HTTP Palo Alto Networks Firewalls - Session Corruption S
HTTP PerfexCRM 1.9.7 - '.php5' Arbitrary File Upload S
HTTP PerfexCRM 1.9.7 - TEXT Line Arbitrary File Upload S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_1 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_2 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_3 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_4 S
HTTP PHP Scripts Mall Advanced Real Estate Script 'search-results.php' SQL Injection Vuln_5 S
HTTP PHP Scripts Mall Advanced World Database 'city.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Advanced World Database 'city.php' SQL Injection Vuln_1 S
HTTP PHP Scripts Mall Advanced World Database 'state.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Bus Booking Script 'txtname' SQL Injection Vuln (From Server) S
HTTP PHP Scripts Mall Bus Booking Script 'txtname' SQL Injection Vuln (To Server) S
HTTP PHP Scripts Mall Cab Booking Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Car Rental Script 'countrycode1.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Chartered Accountant Booking Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Child Care Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Co-work Space Search Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Consumer Complaints Clone Script 'id' SQL Injection Vuln S
HTTP PHP Scripts Mall Doctor Search Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall E-commerce MLM Software 'event_detail.php' SQL Injection Vuln S
HTTP PHP Scripts Mall E-commerce MLM Software 'news_detail.php' SQL Injection Vuln S
HTTP PHP Scripts Mall E-commerce MLM Software 'service_detail.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Entrepreneur Bus Booking Script 'booker_details.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln_1 S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln_2 S
HTTP PHP Scripts Mall Entrepreneur Dating Script 'search_result.php' SQL Injection Vuln_3 S
HTTP PHP Scripts Mall Entrepreneur Job Portal Script 'jobsearch_all.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Facebook Clone 'friend-profile.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Facebook Clone 'process.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Food Order Script 'city' SQL Injection Vuln S
HTTP PHP Scripts Mall Foodspotting Clone Script 'quicksearch.php' SQL Injection Vuln S
HTTP PHP Scripts Mall Freelance Website Script 'jobdetails.php' SQL Injection Vuln S
HTTP Samsung Internet Browser SOP Bypass S
HTTP Synology DiskStation Manager (DSM) 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration S
HTTP Synology Photo Station 6.8.2-3461 - Cross Site Scripting S
HTTP Telesquare SKT LTE Router SDT-CS3B1 - 'getModemStatus' Information Disclosure S
HTTP Telesquare SKT LTE Router SDT-CS3B1 - 'getUiccState' Information Disclosure S
HTTP Telesquare SKT LTE Router SDT-CS3B1 - 'SystemInfo' Information Disclosure S
HTTP Telesquare SKT LTE Router SDT-CS3B1 CSRF Vuln (From Server) S
HTTP Telesquare SKT LTE Router SDT-CS3B1 CSRF Vuln (To Server) S
HTTP Trend Micro Smart Protection Server - 'activeupdate' PHP Code Execution S
HTTP Trend Micro Smart Protection Server - 'credentials' Improper Access Control S
HTTP Trend Micro Smart Protection Server - 'database' Improper Access Control S
HTTP Trend Micro Smart Protection Server - Remote Command Execution S
HTTP Trend Micro Smart Protection Server - Stored Cross-Site Scripting S
HTTP Vanguard 1.4 - Arbitrary File Upload S
HTTP Vanguard 1.4 - SQL Injection S
HTTP WDMyCloud 2.30.165 - 'count' Command Injection S
HTTP WDMyCloud 2.30.165 - 'DsdkProxy.php' Command Injection S
HTTP WDMyCloud 2.30.165 - Unauthenticated Language Reset S
HTTP WDMyCloud 2.30.165 - Users Information Disclosure S
HTTP WebKit - 'WebCoreFormSubmissioncreate' Use-After-Free S
HTTP WordPress Plugin Admin Menu Tree Page View 'admin-ajax.php' CSRF Vuln (From Server) S
HTTP WordPress Plugin Admin Menu Tree Page View 'admin-ajax.php' CSRF Vuln (To Server) S
HTTP WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload S
HTTP WordPress Plugin Smart Google Code Inserter 3.5 - Code Insertion S
HTTP WordPress Plugin Smart Google Code Inserter 3.5 - SQL Injection S
HTTP WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass S
HTTP WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery S
HTTP Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure S
HTTP Zivif PR115-204-P-RS 2.3.4.2103 - Authentication Bypass S
HTTP Zivif PR115-204-P-RS 2.3.4.2103 - Command Injection S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_1 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_10 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_2 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_3 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_4 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_5 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_6 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_7 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_8 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNETWOSummaryList' SQL Injection Vuln_9 S
Iopsys Router - 'dhcp' Remote Code Execution S
Linksys WVBR0-25 - User-Agent Command Execution (Metasploit) S
Malware GET Request to Server associated with LinkedIn Phishing Campaign (bit.ly.2bnssjz) S
Malware GET Request to Server associated with Office 365 Phishing Campaign (bit.ly.2nrb8wf) S
Malware HTTP GET Request Associated with Fake Flash Updater (1sjs21891.ru)_1 S
Malware HTTP GET Request Associated with Fake Flash Updater (1sjs21891.ru)_2 S
Malware HTTP GET Request Associated with Fake Flash Updater (5chrup56.ru) S
Malware HTTP GET Request Associated with Fake Flash Updater (adobeflashplayer.ki1ahb.xyz)_1 S
Malware HTTP GET Request Associated with Fake Flash Updater (adobeflashplayer.ki1ahb.xyz)_2 S
Malware HTTP GET Request Associated with Fake Flash Updater (adobeflashplayer.ki1ahb.xyz)_3 S
Malware HTTP GET Request Associated with Fake Flash Updater (github.com) S
Malware HTTP GET Request Associated with Fake Flash Updater (raw.githubusercontent.com) S
Malware HTTP GET Request Associated with Fake Flash Updater (zad33a.ru) S
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read S
Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read S
Microsoft Edge Chakra JIT - 'Lowerer LowerSetConcatStrMultiItem' Missing Integer S
Microsoft Edge Chakra JIT - BackwardPass RemoveEmptyLoopAfterMemOp Does not Insert Branches S
Microsoft Edge Chakra JIT - Escape Analysis Bug S
Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray S
Monstra CMS 3.0.4 - Arbitrary File Upload Remote Code Execution S
NodeJS Debugger - Command Injection (Metasploit) S
Oracle WebLogic - WLS-WSAT Component Deserialization Remote Code Execution (Metasploit) S
Ruby CVE-2017-17405 Command Execution Vulnerability S
Samsung Internet Browser - SOP Bypass (Metasploit) S
Sync Breeze Enterprise 10.1.16 - Denial of Service S
Sync Breeze Enterprise 10.1.16 Denial Of Service S
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit) S
Technicolor DPC3928SL - SNMP Authentication Bypass S
Trend Micro OfficeScan 11.0 & XG (12.0) - Remote Code Execution (Metasploit) S
Ulterius Server 1.9.5.0 - Directory Traversal S
VX Search Enterprise 10.1.12 - Denial of Service S
VX Search Enterprise 10.1.12 Denial Of Service S
Yawcam 0.6.0 Directory Traversal S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
