Search

Traffic File Update - September 2018

This Traffic IQ Professional update for September 2018 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for September 2018

171 Application Exploits

FTP Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) S
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution S
HP Client - Automation Command Injection S
HTTP ADM 3.1.2RHG1 - Remote Code Execution S
HTTP Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit) S
HTTP Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution S
HTTP Argus Surveillance DVR 'webaccount.cgi' Directory Traversal Vuln S
HTTP Arigato Autoresponder and Newsletter for WordPress 'admin.php' XSS Vuln S
HTTP Arigato Autoresponder and Newsletter for WordPress 'admin.php' XSS Vuln_1 S
HTTP ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution S
HTTP ASUSTOR ADM 3.1.0.RFQ3 - 'album_id' SQL Injection S
HTTP ASUSTOR ADM 3.1.0.RFQ3 - 'scope' SQL Injection S
HTTP ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution S
HTTP Car Park Booking plugin for WordPress 'space_id' SQL injection Vuln S
HTTP Career Portal 'keyword' SQL Injection Vuln S
HTTP cgit 'cgit_clone_objects function' Directory Traversal Vuln S
HTTP CirCarLife SCADA 4.3.0 - Credential Disclosure S
HTTP Clipshare 'category' SQL Injection Vuln S
HTTP Codester Easy Blog PHP Script 'article.php' SQL Injection Vuln S
HTTP Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection S
HTTP Creatiwity WityCMS (Password Change) CSRF Vuln (From Server) S
HTTP Creatiwity WityCMS (Password Change) CSRF Vuln (To Server) S
HTTP D-Link DIR-615 - 'Authorization' Denial of Service (PoC) S
HTTP D-Link DIR-615 - 'Cookie' Denial of Service (PoC) S
HTTP DamiCMS (Change Admin Password) CSRF Vuln (From Server) S
HTTP DamiCMS (Change Admin Password) CSRF Vuln (To Server) S
HTTP Digirez (Update Admin) CSRF Vuln (From Server) S
HTTP Digirez (Update Admin) CSRF Vuln (To Server) S
HTTP Dolibarr 'list.php' SQL Injection Vuln S
HTTP E-Sic Software livre CMS 'cpfcnpj' SQL Injection Vuln S
HTTP E-Sic Software livre CMS 'f' SQL Injection Vuln S
HTTP E-Sic Software livre CMS 'q' SQL Injection Vuln S
HTTP Ericsson-LG iPECS NMS 'filename' Directory Traversal Vuln S
HTTP Ericsson-LG iPECS NMS 'filepath' Directory Traversal Vuln S
HTTP Firefox 55.0.3 - Denial of Service (PoC) S
HTTP Fortune Scripts Amazon Clone 'category_id' SQL Injection Vuln S
HTTP Fortune Scripts Book Store Script 'category' SQL Injection Vuln S
HTTP Fortune Scripts Car Rental Script 'pickup_location' SQL Injection Vuln S
HTTP Fortune Scripts Care Clone 'sitterService' SQL Injection Vuln S
HTTP Fortune Scripts Crowdfunding Script 'id' SQL Injection Vuln S
HTTP Fortune Scripts Ebay Clone 'pd_maincat_id' SQL Injection Vuln S
HTTP Fortune Scripts Expedia Clone 'hid' SQL Injection Vuln S
HTTP Fortune Scripts Food Delivery Script 'keywords' SQL Injection Vuln S
HTTP Fortune Scripts Freelancer Clone 'sk' SQL Injection Vuln S
HTTP Fortune Scripts Groupon Clone 'category' SQL Injection Vuln S
HTTP Fortune Scripts Indiamart Clone 'keywords' SQL Injection Vuln S
HTTP Fortune Scripts Lynda Clone 'category' SQL Injection Vuln S
HTTP Fortune Scripts Monster Clone 'id' SQL Injection Vuln S
HTTP Fortune Scripts OLX Clone 'catg_id' SQL Injection Vuln S
HTTP Fortune Scripts Realtor Clone 'id' SQL Injection Vuln S
HTTP Fortune Scripts Shutter Stock Clone 'keywords' SQL Injection Vuln S
HTTP Fortune Scripts Thumbtack Clone 'ser' SQL Injection Vuln S
HTTP Fortune Scripts Trademe Clone 'id' SQL Injection Vuln S
HTTP FS Thumbtack Clone 1.0 'sc' SQL Injection S
HTTP FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection S
HTTP Geutebrueck re_porter 7.8.974.20 - Credential Disclosure S
HTTP Gleez CMS (Add Admin) CSRF Vuln (From Server) S
HTTP Gleez CMS (Add Admin) CSRF Vuln (To Server) S
HTTP Google Chrome - Swiftshader Blitting Floating-Point Precision Errors S
HTTP Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak S
HTTP IBM Identity Governance and Intelligence SQL Injection Vun S
HTTP Ingenious School Management System 'friend_index' SQL Injection Vuln S
HTTP ISWEB 'file' Directory Traversal Vuln S
HTTP Jibu Pro Plugin for WordPress 'name' Cross Site Scripting Vuln S
HTTP Joomla Component JCK Editor 'parent' SQL Injection Vuln S
HTTP Jorani Leave Management 0.6.5 - 'enddate' SQL Injection S
HTTP Jorani Leave Management 0.6.5 - 'startdate' SQL Injection S
HTTP Jorani Leave Management 0.6.5 - Cross-Site Scripting S
HTTP KingMedia 4.1 - Remote Code Execution S
HTTP LG NAS 3718.510.a0 - Remote Command Execution S
HTTP LG SuperSign CMS 'signEzUI playlist edit upload' Directory Traversal Vuln S
HTTP Localize My Post plugin for WordPress 'file' Local File Inclusion Vuln S
HTTP Logicspice FAQ Script 2.9.7 - Remote Code Execution S
HTTP LW-N605R 12.20.2.1486 - Remote Code Execution S
HTTP ManageEngine Applications Manager 13 - 'manageApplications.do' SQL Injection S
HTTP ManageEngine Applications Manager 13 - 'viewid' SQL Injection S
HTTP ManageEngine Applications Manager 13 - 'viewProps' SQL Injection S
HTTP Microsoft Edge Chakra - 'PathTypeHandlerBaseSetAttributesHelper' Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptorCopyFrom' Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion S
HTTP Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl S
HTTP Microsoft Windows - JScript RegExp.lastIndex Use-After-Free S
HTTP Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC) S
HTTP Microsoft Windows Remote Assistance - XML External Entity Injection S
HTTP mooSocial Store Plugin 2.6 - SQL Injection S
HTTP Nelliwinne Easy Web Search 'admin-delete.php' SQL Injection Vuln S
HTTP Nelliwinne Easy Web Search 'admin-spidermode.php' SQL Injection Vuln S
HTTP Nelliwinne WYSIWYG HTML Editor PRO 'download.php' Arbitrary File Download S
HTTP NethServer 'Upload.json' Cross Site Request Forgery Vuln (From Server) S
HTTP NethServer 'Upload.json' Cross Site Request Forgery Vuln (To Server) S
HTTP Netis ADSL Router DL4322D 'form2Ddns.cgi' Cross Site Scripting Vuln S
HTTP Nimble Professional (Update Admin) CSRF Vuln (From Server) S
HTTP Nimble Professional (Update Admin) CSRF Vuln (To Server) S
HTTP NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (Disclosure) S
HTTP NUUO NVRMini2 - Disable Cameras Remote Command Execution (CVE-2018-1149) S
HTTP NUUO NVRMini2 - Remote Command Execution (CVE-2018-1149) S
HTTP NUUO NVRMini2 - Unauthenticated Password Change (CVE-2018-1150) S
HTTP NUUO NVRMini2 - Username Enumeration (CVE-2018-1150) S
HTTP Online Quiz Maker 'catid' SQL Injection Vuln S
HTTP Online Quiz Maker 'usern' SQL Injection Vuln S
HTTP OpenCMS 'user_role.jsp' CSRF Vuln (From Server) S
HTTP OpenCMS 'user_role.jsp' CSRF Vuln (To Server) S
HTTP OpenEMR 'import_template.php' (Delete) Directory Traversal Vuln S
HTTP OpenEMR 'import_template.php' (Read) Directory Traversal Vuln S
HTTP OpenEMR 'portal import_template.php' Code Execution Vuln S
HTTP OpenText Document Sciences xPression 'documentId' SQL Injection Vuln S
HTTP OpenText Document Sciences xPression 'jobRunId' SQL Injection Vuln S
HTTP PHP File Browser Script 1 'index.php' Directory Traversal Vuln S
HTTP PHP Scripts Mall PHP Auction Ecommerce Script SQL Injection Vuln S
HTTP phpCollab 'deletebookmarks.php' SQL Injection Vuln S
HTTP phpCollab 'deletecalendar.php' SQL Injection Vuln S
HTTP phpCollab 'deletetopics.php' SQL Injection Vuln S
HTTP phpCollab 'deletetopics.php' SQL Injection Vuln_1 S
HTTP Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection S
HTTP QNAP Photo Cross Site Scripting Vuln S
HTTP Quizlord Plugin for WordPress 'title' Cross Site Scripting Vuln S
HTTP rcfilters plugin for Roundcube '_messages' Cross Site Scripting Vuln S
HTTP rcfilters plugin for Roundcube '_whatfilter' Cross Site Scripting Vuln S
HTTP Responsive FileManager 'file' Directory Traversal Vuln S
HTTP Responsive Filemanager 9.13.1 - Server-Side Request Forgery S
HTTP RPi Cam Control 6.4.25 - 'preview.php' Remote Command Execution S
HTTP Rubedo CMS Directory Traversal Vuln S
HTTP Seq 4.2.476 - Authentication Bypass S
HTTP Sitecore CMS 'default.aspx' Directory Traversal Vuln S
HTTP Softneta MedDream PACS Server 'email' SQL Injection Vuln S
HTTP Softneta MedDream PACS Server 'path' Directory Traversal Vuln S
HTTP Softneta MedDream PACS Server 'username' SQL Injection Vuln S
HTTP Synology DiskStation Manager 'lang' Directory Traversal Vuln S
HTTP TI Online Examination System 'download.php' Arbitrary File Download Vuln S
HTTP TP-Link Wireless N Router WR840N - 'Authorization' Denial of Service (PoC) S
HTTP Twitter-Clone (Delete Post) CSRF Vuln (From Server) S
HTTP Twitter-Clone (Delete Post) CSRF Vuln (To Server) S
HTTP TYPO3 News Module - SQL Injection S
HTTP UltimatePOS 2.5 - Remote Code Execution S
HTTP Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection S
HTTP User Login and Management PHP Script 'change password' CSRF Vuln (From Server) S
HTTP User Login and Management PHP Script 'change password' CSRF Vuln (To Server) S
HTTP Vox Telecom TG790 ADSL Router Cross Site Scripting Vuln S
HTTP Vox TG790 ADSL Router (Add Admin) CSRF Vuln (From Server) S
HTTP Vox TG790 ADSL Router (Add Admin) CSRF Vuln (To Server) S
HTTP Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit) S
HTTP Wavemaker Studio 6.6 - Server-Side Request Forgery S
HTTP Wechat Broadcast plugin for WordPress 'url' Directory Traversal Vuln S
HTTP Wechat Broadcast plugin for WordPress Local File Inclusion Vuln S
HTTP Wibu-Systems CodeMeter 'server name' Cross Site Scripting Vuln S
HTTP Wibu-Systems CodeMeter 'server name' Cross Site Scripting Vuln_1 S
HTTP Wibu-Systems CodeMeter 'server name' Cross Site Scripting Vuln_2 S
HTTP WirelessHART Fieldgate SWG70 3.0 - Directory Traversal S
HTTP WiseGiga NAS 'filename' Local File Include Vuln S
HTTP WiseGiga NAS 'filename' Local File Include Vuln_1 S
HTTP WiseGiga NAS 'filename' Local File Include Vuln_2 S
HTTP WiseGiga NAS 'filename' Local File Include Vuln_3 S
HTTP WordPress Ajax Load More 2.8.1.1 - PHP Upload S
HTTP WordPress Plugin All In One Favicon 4.6 - (Authenticated) 'backend' XSS S
HTTP WordPress Plugin All In One Favicon 4.6 - (Authenticated) 'frontend' XSS S
HTTP WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection S
HTTP WPHRM plugin for WordPress 'employee_id' SQL Injection Vuln S
HTTP WPHRM plugin for WordPress 'id' SQL Injection Vuln S
HTTP Xerone IT PageResponse add-on for FB Inboxer 'search_field' SQL Injection Vuln S
HTTP Zabbix 2.0 3.0.3 - SQL Injection S
HTTP Zimbra Collaboration Cross Site Scripting Vuln S
HTTP ZyXEL VMG3312 'hostname' Cross Site Scripting Vuln S
Malware GET Request Associated with Emotet Malware (190.147.53.140) S
Malware GET Request Associated with Emotet Malware (201.111.8.75) S
Malware GET Request Associated with Emotet Malware (31.167.248.50) S
Malware GET Request Associated with Emotet Malware (louisianaplating.com) S
Malware GET Request Associated with Emotet Malware (sloegincottage.co.uk) S
Malware GET Request Associated with Emotet Malware (stonehouse.me.uk) S
Malware POST Request Associated with Emotet Malware (31.167.248.50) S
SEIG Modbus 3.4 - Remote Code Execution S
SEIG SCADA System 9 - Remote Code Execution S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.