Traffic IQ Professional
Traffic File Update for September 2018
171 Application Exploits
FTP Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) S
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution S
HP Client - Automation Command Injection S
HTTP ADM 3.1.2RHG1 - Remote Code Execution S
HTTP Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) S
HTTP Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution S
HTTP Argus Surveillance DVR 'webaccount.cgi' Directory Traversal Vuln S
HTTP Arigato Autoresponder and Newsletter for WordPress 'admin.php' XSS Vuln S
HTTP Arigato Autoresponder and Newsletter for WordPress 'admin.php' XSS Vuln_1 S
HTTP ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution S
HTTP ASUSTOR ADM 3.1.0.RFQ3 - 'album_id' SQL Injection S
HTTP ASUSTOR ADM 3.1.0.RFQ3 - 'scope' SQL Injection S
HTTP ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution S
HTTP Car Park Booking plugin for WordPress 'space_id' SQL injection Vuln S
HTTP Career Portal 'keyword' SQL Injection Vuln S
HTTP cgit 'cgit_clone_objects function' Directory Traversal Vuln S
HTTP CirCarLife SCADA 4.3.0 - Credential Disclosure S
HTTP Clipshare 'category' SQL Injection Vuln S
HTTP Codester Easy Blog PHP Script 'article.php' SQL Injection Vuln S
HTTP Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection S
HTTP Creatiwity WityCMS (Password Change) CSRF Vuln (From Server) S
HTTP Creatiwity WityCMS (Password Change) CSRF Vuln (To Server) S
HTTP D-Link DIR-615 - 'Authorization' Denial of Service (PoC) S
HTTP D-Link DIR-615 - 'Cookie' Denial of Service (PoC) S
HTTP DamiCMS (Change Admin Password) CSRF Vuln (From Server) S
HTTP DamiCMS (Change Admin Password) CSRF Vuln (To Server) S
HTTP Digirez (Update Admin) CSRF Vuln (From Server) S
HTTP Digirez (Update Admin) CSRF Vuln (To Server) S
HTTP Dolibarr 'list.php' SQL Injection Vuln S
HTTP E-Sic Software livre CMS 'cpfcnpj' SQL Injection Vuln S
HTTP E-Sic Software livre CMS 'f' SQL Injection Vuln S
HTTP E-Sic Software livre CMS 'q' SQL Injection Vuln S
HTTP Ericsson-LG iPECS NMS 'filename' Directory Traversal Vuln S
HTTP Ericsson-LG iPECS NMS 'filepath' Directory Traversal Vuln S
HTTP Firefox 55.0.3 - Denial of Service (PoC) S
HTTP Fortune Scripts Amazon Clone 'category_id' SQL Injection Vuln S
HTTP Fortune Scripts Book Store Script 'category' SQL Injection Vuln S
HTTP Fortune Scripts Car Rental Script 'pickup_location' SQL Injection Vuln S
HTTP Fortune Scripts Care Clone 'sitterService' SQL Injection Vuln S
HTTP Fortune Scripts Crowdfunding Script 'id' SQL Injection Vuln S
HTTP Fortune Scripts Ebay Clone 'pd_maincat_id' SQL Injection Vuln S
HTTP Fortune Scripts Expedia Clone 'hid' SQL Injection Vuln S
HTTP Fortune Scripts Food Delivery Script 'keywords' SQL Injection Vuln S
HTTP Fortune Scripts Freelancer Clone 'sk' SQL Injection Vuln S
HTTP Fortune Scripts Groupon Clone 'category' SQL Injection Vuln S
HTTP Fortune Scripts Indiamart Clone 'keywords' SQL Injection Vuln S
HTTP Fortune Scripts Lynda Clone 'category' SQL Injection Vuln S
HTTP Fortune Scripts Monster Clone 'id' SQL Injection Vuln S
HTTP Fortune Scripts OLX Clone 'catg_id' SQL Injection Vuln S
HTTP Fortune Scripts Realtor Clone 'id' SQL Injection Vuln S
HTTP Fortune Scripts Shutter Stock Clone 'keywords' SQL Injection Vuln S
HTTP Fortune Scripts Thumbtack Clone 'ser' SQL Injection Vuln S
HTTP Fortune Scripts Trademe Clone 'id' SQL Injection Vuln S
HTTP FS Thumbtack Clone 1.0 'sc' SQL Injection S
HTTP FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection S
HTTP Geutebrueck re_porter 7.8.974.20 - Credential Disclosure S
HTTP Gleez CMS (Add Admin) CSRF Vuln (From Server) S
HTTP Gleez CMS (Add Admin) CSRF Vuln (To Server) S
HTTP Google Chrome - Swiftshader Blitting Floating-Point Precision Errors S
HTTP Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak S
HTTP IBM Identity Governance and Intelligence SQL Injection Vuln S
HTTP Ingenious School Management System 'friend_index' SQL Injection Vuln S
HTTP ISWEB 'file' Directory Traversal Vuln S
HTTP Jibu Pro Plugin for WordPress 'name' Cross Site Scripting Vuln S
HTTP Joomla Component JCK Editor 'parent' SQL Injection Vuln S
HTTP Jorani Leave Management 0.6.5 - 'enddate' SQL Injection S
HTTP Jorani Leave Management 0.6.5 - 'startdate' SQL Injection S
HTTP Jorani Leave Management 0.6.5 - Cross-Site Scripting S
HTTP KingMedia 4.1 - Remote Code Execution S
HTTP LG NAS 3718.510.a0 - Remote Command Execution S
HTTP LG SuperSign CMS 'signEzUI playlist edit upload' Directory Traversal Vuln S
HTTP Localize My Post plugin for WordPress 'file' Local File Inclusion Vuln S
HTTP Logicspice FAQ Script 2.9.7 - Remote Code Execution S
HTTP LW-N605R 12.20.2.1486 - Remote Code Execution S
HTTP ManageEngine Applications Manager 13 - 'manageApplications.do' SQL Injection S
HTTP ManageEngine Applications Manager 13 - 'viewid' SQL Injection S
HTTP ManageEngine Applications Manager 13 - 'viewProps' SQL Injection S
HTTP Microsoft Edge Chakra - 'PathTypeHandlerBaseSetAttributesHelper' Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptorCopyFrom' Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion S
HTTP Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl S
HTTP Microsoft Windows - JScript RegExp.lastIndex Use-After-Free S
HTTP Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC) S
HTTP Microsoft Windows Remote Assistance - XML External Entity Injection S
HTTP mooSocial Store Plugin 2.6 - SQL Injection S
HTTP Nelliwinne Easy Web Search 'admin-delete.php' SQL Injection Vuln S
HTTP Nelliwinne Easy Web Search 'admin-spidermode.php' SQL Injection Vuln S
HTTP Nelliwinne WYSIWYG HTML Editor PRO 'download.php' Arbitrary File Download S
HTTP NethServer 'Upload.json' Cross Site Request Forgery Vuln (From Server) S
HTTP NethServer 'Upload.json' Cross Site Request Forgery Vuln (To Server) S
HTTP Netis ADSL Router DL4322D 'form2Ddns.cgi' Cross Site Scripting Vuln S
HTTP Nimble Professional (Update Admin) CSRF Vuln (From Server) S
HTTP Nimble Professional (Update Admin) CSRF Vuln (To Server) S
HTTP NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (Disclosure) S
HTTP NUUO NVRMini2 - Disable Cameras Remote Command Execution (CVE-2018-1149) S
HTTP NUUO NVRMini2 - Remote Command Execution (CVE-2018-1149) S
HTTP NUUO NVRMini2 - Unauthenticated Password Change (CVE-2018-1150) S
HTTP NUUO NVRMini2 - Username Enumeration (CVE-2018-1150) S
HTTP Online Quiz Maker 'catid' SQL Injection Vuln S
HTTP Online Quiz Maker 'usern' SQL Injection Vuln S
HTTP OpenCMS 'user_role.jsp' CSRF Vuln (From Server) S
HTTP OpenCMS 'user_role.jsp' CSRF Vuln (To Server) S
HTTP OpenEMR 'import_template.php' (Delete) Directory Traversal Vuln S
HTTP OpenEMR 'import_template.php' (Read) Directory Traversal Vuln S
HTTP OpenEMR 'portal import_template.php' Code Execution Vuln S
HTTP OpenText Document Sciences xPression 'documentId' SQL Injection Vuln S
HTTP OpenText Document Sciences xPression 'jobRunId' SQL Injection Vuln S
HTTP PHP File Browser Script 1 'index.php' Directory Traversal Vuln S
HTTP PHP Scripts Mall PHP Auction Ecommerce Script SQL Injection Vuln S
HTTP phpCollab 'deletebookmarks.php' SQL Injection Vuln S
HTTP phpCollab 'deletecalendar.php' SQL Injection Vuln S
HTTP phpCollab 'deletetopics.php' SQL Injection Vuln S
HTTP phpCollab 'deletetopics.php' SQL Injection Vuln_1 S
HTTP Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection S
HTTP QNAP Photo Cross Site Scripting Vuln S
HTTP Quizlord Plugin for WordPress 'title' Cross Site Scripting Vuln S
HTTP rcfilters plugin for Roundcube '_messages' Cross Site Scripting Vuln S
HTTP rcfilters plugin for Roundcube '_whatfilter' Cross Site Scripting Vuln S
HTTP Responsive FileManager 'file' Directory Traversal Vuln S
HTTP Responsive Filemanager 9.13.1 - Server-Side Request Forgery S
HTTP RPi Cam Control 6.4.25 - 'preview.php' Remote Command Execution S
HTTP Rubedo CMS Directory Traversal Vuln S
HTTP Seq 4.2.476 - Authentication Bypass S
HTTP Sitecore CMS 'default.aspx' Directory Traversal Vuln S
HTTP Softneta MedDream PACS Server 'email' SQL Injection Vuln S
HTTP Softneta MedDream PACS Server 'path' Directory Traversal Vuln S
HTTP Softneta MedDream PACS Server 'username' SQL Injection Vuln S
HTTP Synology DiskStation Manager 'lang' Directory Traversal Vuln S
HTTP TI Online Examination System 'download.php' Arbitrary File Download Vuln S
HTTP TP-Link Wireless N Router WR840N - 'Authorization' Denial of Service (PoC) S
HTTP Twitter-Clone (Delete Post) CSRF Vuln (From Server) S
HTTP Twitter-Clone (Delete Post) CSRF Vuln (To Server) S
HTTP TYPO3 News Module - SQL Injection S
HTTP UltimatePOS 2.5 - Remote Code Execution S
HTTP Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection S
HTTP User Login and Management PHP Script 'change password' CSRF Vuln (From Server) S
HTTP User Login and Management PHP Script 'change password' CSRF Vuln (To Server) S
HTTP Vox Telecom TG790 ADSL Router Cross Site Scripting Vuln S
HTTP Vox TG790 ADSL Router (Add Admin) CSRF Vuln (From Server) S
HTTP Vox TG790 ADSL Router (Add Admin) CSRF Vuln (To Server) S
HTTP Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit) S
HTTP Wavemaker Studio 6.6 - Server-Side Request Forgery S
HTTP Wechat Broadcast plugin for WordPress 'url' Directory Traversal Vuln S
HTTP Wechat Broadcast plugin for WordPress Local File Inclusion Vuln S
HTTP Wibu-Systems CodeMeter 'server name' Cross Site Scripting Vuln S
HTTP Wibu-Systems CodeMeter 'server name' Cross Site Scripting Vuln_1 S
HTTP Wibu-Systems CodeMeter 'server name' Cross Site Scripting Vuln_2 S
HTTP WirelessHART Fieldgate SWG70 3.0 - Directory Traversal S
HTTP WiseGiga NAS 'filename' Local File Include Vuln S
HTTP WiseGiga NAS 'filename' Local File Include Vuln_1 S
HTTP WiseGiga NAS 'filename' Local File Include Vuln_2 S
HTTP WiseGiga NAS 'filename' Local File Include Vuln_3 S
HTTP WordPress Ajax Load More 2.8.1.1 - PHP Upload S
HTTP WordPress Plugin All In One Favicon 4.6 - (Authenticated) 'backend' XSS S
HTTP WordPress Plugin All In One Favicon 4.6 - (Authenticated) 'frontend' XSS S
HTTP WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection S
HTTP WPHRM plugin for WordPress 'employee_id' SQL Injection Vuln S
HTTP WPHRM plugin for WordPress 'id' SQL Injection Vuln S
HTTP Xerone IT PageResponse add-on for FB Inboxer 'search_field' SQL Injection Vuln S
HTTP Zabbix 2.0 3.0.3 - SQL Injection S
HTTP Zimbra Collaboration Cross Site Scripting Vuln S
HTTP ZyXEL VMG3312 'hostname' Cross Site Scripting Vuln S
Malware GET Request Associated with Emotet Malware (190.147.53.140) S
Malware GET Request Associated with Emotet Malware (201.111.8.75) S
Malware GET Request Associated with Emotet Malware (31.167.248.50) S
Malware GET Request Associated with Emotet Malware (louisianaplating.com) S
Malware GET Request Associated with Emotet Malware (sloegincottage.co.uk) S
Malware GET Request Associated with Emotet Malware (stonehouse.me.uk) S
Malware POST Request Associated with Emotet Malware (31.167.248.50) S
SEIG Modbus 3.4 - Remote Code Execution S
SEIG SCADA System 9 - Remote Code Execution S