Traffic File Update - November 2018

This Traffic IQ Professional update for November 2018 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for November 2018

199 Application Exploits

Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection S
Academic Timetable Final Build 7.0a-7.0b - 'iDisplayLength' SQL Injection S
Academic Timetable Final Build 7.0a-7.0b - 'iDisplayStart' SQL Injection S
Appsource School Management System 1.0 - 'student_id' SQL Injection S
Appsource School Management System 1.0 - 'teacher_id' SQL Injection S
Axis 2100 Network Camera 2.43 Cross Site Scripting S
Billion ADSL Router 400G - Cross-Site Scripting S
Binary MLM Software 1.0 - 'pid' SQL Injection S
E-Sic Software livre CMS - Autentication Bypass S
E-Sic Software livre CMS - Cross Site Scripting S
eNdonesia Portal 8.7 - 'aboutid' SQL Injection S
eNdonesia Portal 8.7 - 'artid' SQL Injection S
eNdonesia Portal 8.7 - 'cid' SQL Injection S
eNdonesia Portal 8.7 - 'contid' SQL Injection S
eNdonesia Portal 8.7 - 'did' SQL Injection S
eNdonesia Portal 8.7 - 'view_album&cid' SQL Injection S
HTTP 2-Plan Team 1.0.4 - Arbitrary File Upload S
HTTP AiOPMSD Final 'actor' SQL Injection Vuln S
HTTP AiOPMSD Final 'country' SQL Injection Vuln S
HTTP AiOPMSD Final 'director' SQL Injection Vuln S
HTTP AiOPMSD Final 'genre' SQL Injection Vuln S
HTTP AiOPMSD Final 'id' SQL Injection Vuln S
HTTP AiOPMSD Final 'q' SQL Injection Vuln S
HTTP AiOPMSD Final 'quality' SQL Injection Vuln S
HTTP AiOPMSD Final 'year' SQL Injection Vuln S
HTTP Apache OFBiz 16.11.04 - XML External Entity Injection S
HTTP Asaancart Simple PHP Shopping Cart 0.9 - 'login.php' SQL Injection S
HTTP Asaancart Simple PHP Shopping Cart 0.9 - 'page.php' SQL Injection S
HTTP Asaancart Simple PHP Shopping Cart 0.9 - 'product.php' SQL Injection S
HTTP Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload S
HTTP Atlassian Jira - Authenticated Upload Code Execution (Metasploit) S
HTTP CI User Login and Management 1.0 - Arbitrary File Upload S
HTTP ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) S
HTTP CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution S
HTTP D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery S
HTTP D-Link Routers - Command Injection S
HTTP D-Link Routers - Plaintext Password S
HTTP Delta Sql 'docs_manage.php' SQL Injection Vuln S
HTTP Delta Sql 'list_project_modules.php' SQL Injection Vuln S
HTTP Easyndexer 1.0 - Arbitrary File Download S
HTTP Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin) S
HTTP Easyndexer 1.0 - Database File Download S
HTTP EdTv 2 - 'id' SQL Injection S
HTTP Electricks eCommerce 'prod_id' SQL Injection Vuln S
HTTP Electricks eCommerce 'search' SQL Injection Vuln S
HTTP EMC xPression '$model.jobHistoryId' SQL Injection Vuln S
HTTP EverSync 0.5 - Arbitrary File Download S
HTTP Expense Management 1.0 - Arbitrary File Upload S
HTTP Fankstribe SG ERP 'index.php' SQL Injection Vuln S
HTTP Fantastic Blog CMS 'id' SQL Injection Vuln S
HTTP Fantastic Blog CMS 'id' SQL Injection Vuln_1 S
HTTP Fifa Master XLS 'usw' SQL Injection Vuln S
HTTP Gate Pass Management System 'login' SQL Injection Vuln S
HTTP Helpdezk 1.1.1 - Arbitrary File Upload S
HTTP Icecast url-auth Buffer Overflow S
HTTP Instagram Clone 1.0 - Arbitrary File Upload S
HTTP K-iwi Framework 'index.php' SQL Injection Vuln S
HTTP K-iwi Framework 'index.php' SQL Injection Vuln_1 S
HTTP Kordil EDMS 2.2.60rc3 - Arbitrary File Upload S
HTTP LayerBB Forum 'search_query' SQL Injection Vuln S
HTTP LibreHealth 2.0.0 - (Authenticated) Arbitrary File Read S
HTTP Loadbalancer.org Enterprise VA MAX 8.3.2 - 'command.php' Remote Code Execution S
HTTP Loadbalancer.org Enterprise VA MAX 8.3.2 - 'lbadmin' Remote Code Execution S
HTTP Maitra Mail Tracking System 1.7.2 - Database File Download S
HTTP Maitra Mail Tracking System 1.7.2 - inmail SQL Injection S
HTTP Maitra Mail Tracking System 1.7.2 - outmail SQL Injection S
HTTP MGB OpenSource Guestbook 'id' SQL Injection Vuln S
HTTP Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass S
HTTP Microsoft Edge Chakra JIT - Type Confusion S
HTTP Microstrategy Web 7 - 'admin.asp' Cross-Site Scripting S
HTTP Microstrategy Web 7 - 'Login.asp' Cross-Site Scripting S
HTTP Microstrategy Web 7 - Directory Traversal S
HTTP MOGG Web Simulator script 'id' SQL Injection Vuln S
HTTP MPS Box 'uuid' SQL Injection Vuln S
HTTP Musicco 2.0.0 - Arbitrary Directory Download S
HTTP Net-Billetterie 2.9 - 'login' SQL Injection S
HTTP NETGEAR WiFi Router R6120 - Credential Disclosure S
HTTP NETGEAR WiFi Router R6120 - Password Disclosure S
HTTP NEXUS IT OPAC EasyWeb 'biblio' SQL Injection Vuln S
HTTP NEXUS IT OPAC EasyWeb 'nome' SQL Injection Vuln S
HTTP Notes Manager 1.0 - Arbitrary File Upload S
HTTP Open Faculty Evaluation System 'batch_name' SQL Injection Vuln S
HTTP Open Faculty Evaluation System 'b_name' SQL Injection Vuln S
HTTP Open Faculty Evaluation System 'division' SQL Injection Vuln S
HTTP Open Faculty Evaluation System 'roll_no' SQL Injection Vuln S
HTTP Open Faculty Evaluation System 'sem_name' SQL Injection Vuln S
HTTP OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection S
HTTP PHP Mass Mail 1.0 - Arbitrary File Upload S
HTTP PHP Proxy 3.0.3 - Local File Inclusion S
HTTP PHPTPoint Hospital Management System 'alist.php' SQL Injection Vuln S
HTTP PHPTPoint Hospital Management System 'dundel.php' SQL Injection Vuln S
HTTP PHPTPoint Hospital Management System 'pdel.php' SQL Injection Vuln S
HTTP PHPTPoint Hospital Management System 'pundel.php' SQL Injection Vuln S
HTTP PHPTPoint Hospital Management System 'user' SQL Injection Vuln S
HTTP PHPTPoint Pharmacy Management System 'username' SQL Injection Vuln S
HTTP Poppy Web Interface Generator 0.8 - Arbitrary File Upload (From Server) S
HTTP Poppy Web Interface Generator 0.8 - Arbitrary File Upload (To Server) S
HTTP Poppy Web Interface Generator 0.8 - Create File CSRF (From Server) S
HTTP Poppy Web Interface Generator 0.8 - Create File CSRF (To Server) S
HTTP Poppy Web Interface Generator 0.8 - Edit File CSRF (From Server) S
HTTP Poppy Web Interface Generator 0.8 - Edit File CSRF (To Server) S
HTTP ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution S
HTTP qdPM 'filter_by' SQL Injection Vuln S
HTTP qdPM 'filter_by' SQL Injection Vuln_1 S
HTTP Quick Count 'txtInstID' SQL Injection Vuln S
HTTP Rausoft ID.prove 2.95 - 'Username' SQL injection S
HTTP Rmedia SMS 1.0 - SQL Injection S
HTTP SaltOS Erp Crm 'action2' SQL Injection Vuln S
HTTP SaltOS Erp Crm 3.1 r8126 - Database File Download S
HTTP School Attendance Monitoring System 1.0 - Arbitrary File Upload S
HTTP School ERP Pro+Responsive 'fid' SQL Injection Vuln S
HTTP School ERP Pro+Responsive 1.0 - 'office_admin' Arbitrary File Download S
HTTP School ERP Pro+Responsive 1.0 - 'student_staff' Arbitrary File Download S
HTTP ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection S
HTTP ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write S
HTTP ServerZilla 1.0 - 'email' SQL Injection S
HTTP SiAdmin 'id' SQL Injection Vuln S
HTTP SiAdmin 'id' SQL Injection Vuln_1 S
HTTP SIM-PKH 'id' SQL Injection Vuln S
HTTP SIM-PKH 2.4.1 - Arbitrary File Upload S
HTTP Simple Chat System 'id' SQL Injection Vuln S
HTTP Simple POS and Inventory 'cat' SQL Injection Vuln S
HTTP Simple POS and Inventory 'id' SQL Injection Vuln S
HTTP Singleleg MLM Software 'msg_id' SQL Injection Vuln S
HTTP South Gate Inn Online Reservation System 'q' SQL Injection Vuln S
HTTP The Open ISES Project 3.30A - Arbitrary File Download S
HTTP Ticketly 1.0 - 'category_id' SQL Injection S
HTTP Ticketly 1.0 - 'description' SQL Injection S
HTTP Ticketly 1.0 - 'kind_id' SQL Injection S
HTTP Ticketly 1.0 - 'king_id' SQL Injection S
HTTP Ticketly 1.0 - 'name' SQL Injection S
HTTP Ticketly 1.0 - 'priority_id' SQL Injection S
HTTP Ticketly 1.0 - 'project_id' SQL Injection S
HTTP Ticketly 1.0 - 'status_id' SQL Injection S
HTTP Ticketly 1.0 - 'title' SQL Injection S
HTTP Tina4 Stack 1.0.3 - Database File Download S
HTTP Tina4 Stack 1.0.3 - SQL Injection S
HTTP Veterinary Clinic Management 'editpetnum' SQL Injection Vuln S
HTTP Veterinary Clinic Management 'proccode' SQL Injection Vuln S
HTTP Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection S
HTTP Warranty Tracking System 11.06.3 - 'txtCustomerName' SQL Injection S
HTTP Warranty Tracking System 11.06.3 - 'txtPhone' SQL Injection S
HTTP WordPress CherryFramework Themes 3.1.4 - Backup File Download S
HTTP WordPress FormCraft Basic 1.0.5 SQL Injection S
HTTP Zechat 'uname' SQL Injection Vuln S
HTTP ZKTeco ZKTime Web (Change Password) CSRF Vuln (From Server) S
HTTP ZKTeco ZKTime Web (Change Password) CSRF Vuln (To Server) S
Intelbras Telefone IP TIP200 LITE - Local File Disclosure S
iTech Gigs Script 1.21 'sc' SQL Injection S
iTech Gigs Script 1.21 'ser' SQL Injection S
Joomla 3.7 - 'get' SQL Injection S
Joomla 3.7 - SQL Injection POST S
Kados R10 GreenBee - 'feature_id' SQL Injection S
Kados R10 GreenBee - 'release_id' SQL Injection S
Learning with Texts 1.6.2 - 'lang' SQL Injection S
Learning with Texts 1.6.2 - 'start' SQL Injection S
Learning with Texts 1.6.2 - 'text' SQL Injection S
Learning with Texts 1.6.2 - 'wid' SQL Injection S
Logitech Media Server - Cross-Site Scripting S
Malware GET Request Associated with Trickbot Malware (46.173.218.26) S
Malware GET Request Associated with Trickbot Malware (46.173.218.43) S
Monstra CMS 3.0.4 - Cross-Site Scripting S
MV Video Sharing Software 1.2 - 'searchname' SQL Injection S
MySQL Edit Table 1.0 - 'del&id' SQL Injection S
MySQL Edit Table 1.0 - 'edit&id' SQL Injection S
Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection S
Open Faculty Evaluation System 5.6 - 'b_name' SQL Injection S
Open Faculty Evaluation System 5.6 - 'division' SQL Injection S
Open Faculty Evaluation System 5.6 - 'roll_no' SQL Injection S
Open Faculty Evaluation System 5.6 - 'sem_name' SQL Injection S
OwnTicket 1.0 - 'editTicketID' SQL Injection S
OwnTicket 1.0 - 'showTicketID' SQL Injection S
RhinOS CMS 3.x - Arbitrary File Download S
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection S
School ERP Ultimate 2018 - 'fid' SQL Injection S
School ERP Ultimate 2018 - Arbitrary File Download S
SugarCRM 6.5.26 - 'yid' Cross-Site Scripting S
SugarCRM 6.5.26 - Cross-Site Scripting flashcanvas S
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow S
The Open ISES Project 3.30A - 'city_graph' SQL Injection S
The Open ISES Project 3.30A - 'frm_passwd' SQL Injection S
The Open ISES Project 3.30A - 'id' SQL Injection S
The Open ISES Project 3.30A - 'p1' SQL Injection S
The Open ISES Project 3.30A - 'ticket_id' SQL Injection S
The Open ISES Project 3.30A - 'tick_lat' SQL Injection S
The Open ISES Project 3.30A - 'types_graph' SQL Injection S
Time and Expense Management System 3.0 - 'EditUser' SQL Injection S
Time and Expense Management System 3.0 - 'field' SQL Injection S
Time and Expense Management System 3.0 - 'table' SQL Injection S
Vishesh Auto Index 3.1 - 'download' SQL Injection S
Vishesh Auto Index 3.1 - 'file' SQL Injection S
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection S
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'lname' SQL Injection S
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'me' SQL Injection S
WebVet 0.1a - 'id' SQL Injection S
WebVet 0.1a - 'lastname' SQL Injection S
WebVet 0.1a - 'patient' SQL Injection S
WordPress Plugin Support Board 1.2.3 - 'msg' Cross-Site Scripting S
WordPress Plugin Support Board 1.2.3 - File upload Cross-Site Scripting S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
