
Traffic File Update - October 2018

This Traffic IQ Professional update for October 2018 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for October 2018

245 Application Exploits

Axis Network Camera - .srv to parhand RCE S
CA Release Automation NiMi 6.5 - Check Security Enabled S
CA Release Automation NiMi 6.5 - Remote Command Execution S
Cash Back Comparison Script 1.0 - SQL Injection S
Centos Web Panel 0.9.8.480 - Command Injection_1 S
Centos Web Panel 0.9.8.480 - Command Injection_2 S
Centos Web Panel 0.9.8.480 - Command Injection_3 S
Centos Web Panel 0.9.8.480 - Command Injection_4 S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_1 (fm_current_dir) S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_2 (module) S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_3 (service_start) S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_4 (service_fullstatus) S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_5 (service_restart) S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_6 (service_stop) S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_7 (file) S
Centos Web Panel 0.9.8.480 - Cross-site Scripting_8 (module) S
Centos Web Panel 0.9.8.480 - Local File Inclusion S
Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting S
Chamilo LMS 1.11.8 - 'lastname' Cross-Site Scripting S
Chamilo LMS 1.11.8 - Cross-Site Scripting S
College Notes Management System 1.0 - 'user' SQL Injection S
HotelDruid 2.2.4 - 'anno' SQL Injection S
HotelDruid 2.2.4 - 'anno' SQL Injection_1 S
HP Jetdirect - Path Traversal Arbitrary Code Execution S
HTTP 2kb Amazon Affiliates Store plugin for WordPress Cross Site Scripting Vuln S
HTTP Academic Timetable Final Build 7.0 - Information Disclosure S
HTTP Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) S
HTTP Advanced HRM 1.6 - Remote Code Execution S
HTTP Agora Project 'action' Cross Site Scripting Vuln S
HTTP Agora Project 'action' Cross Site Scripting Vuln_1 S
HTTP Agora Project 'msgNotif[]' Cross Site Scripting Vuln S
HTTP Agora Project 'targetObjIdChild' Cross Site Scripting Vuln S
HTTP amtyThumb posts plugin for WordPress 'amtyThumbPostsAdminPg.php' XSS Vuln S
HTTP Apache Portals Pluto 3.0.0 - Remote Code Execution S
HTTP Apache Syncope 2.0.7 - Information Disclosure S
HTTP Apache Syncope 2.0.7 - Remote Code Execution S
HTTP BigTree CMS 4.2.23 - Cross-Site Scripting S
HTTP CAMALEON CMS 2.4 - Cross-Site Scripting S
HTTP Collectric CMU 1.0 - 'lang' SQL injection S
HTTP D-Link Central WiFiManager Software Controller 1.03 - 'sitename' Cross Site Scripting S
HTTP D-Link Central WiFiManager Software Controller 1.03 - 'username' Cross Site Scripting S
HTTP D-Link Central WiFiManager Software Controller 1.03 - Unrestricted Upload S
HTTP Data Components TSiteBuilder 'pagelist.php' SQL Injection Vuln S
HTTP Data Components TSiteBuilder 'page_new.php' SQL Injection Vuln S
HTTP Data Components TSiteBuilder 'site.php' SQL Injection Vuln S
HTTP E-Registrasi Pencak Silat 'id_partai' SQL Injection Vuln S
HTTP Education Website 'city' SQL Injection Vuln S
HTTP Education Website 'country' SQL Injection Vuln S
HTTP Education Website 'subject' SQL Injection Vuln S
HTTP Ektron CMS 9.20 SP2 - Improper Access Restrictions S
HTTP Emag Marketplace Connector plugin for WordPress 'awb-meta-box.php' XSS Vuln S
HTTP Episerver 7 patch 4 - XML External Entity Injection S
HTTP Flippa Marketplace Clone 'date_started' SQL Injection Vuln S
HTTP Flippa Marketplace Clone 'desc' SQL Injection Vuln S
HTTP FLIR AX8 Thermal Camera 1.32.16 - 'add root user' Remote Code Execution S
HTTP FLIR AX8 Thermal Camera 1.32.16 - 'stream freeze' Remote Code Execution S
HTTP FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure S
HTTP FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure S
HTTP FLIR Brickstream 3D+ 2.1.742.1842 - 'ExportConfig' File Disclosure S
HTTP FLIR Brickstream 3D+ 2.1.742.1842 - 'ExportLogs' File Disclosure S
HTTP FLIR Brickstream 3D+ 2.1.742.1842 - 'getConfigExportFile.cgi' File Disclosure S
HTTP FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure S
HTTP Gespage 'show_month' SQL Injection Vuln S
HTTP Gespage 'show_month' SQL Injection Vuln_1 S
HTTP Gespage 'show_prn' SQL Injection Vuln S
HTTP GetSimple CMS 'movieName' Cross Site Scripting Vuln S
HTTP H2 Database 1.4.196 - Unauthenticated Database Creation S
HTTP HaPe PKH 'desa' SQL Injection Vuln S
HTTP HaPe PKH 'id' SQL Injection Vuln S
HTTP HaPe PKH 'id' SQL Injection Vuln_1 S
HTTP HaPe PKH 'id' SQL Injection Vuln_2 S
HTTP HaPe PKH 'id' SQL Injection Vuln_3 S
HTTP HaPe PKH 'id' SQL Injection Vuln_4 S
HTTP HaPe PKH 'id' SQL Injection Vuln_5 S
HTTP HaPe PKH 'id' SQL Injection Vuln_6 S
HTTP HaPe PKH 'nama_kelompok' SQL Injection Vuln S
HTTP HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) (From Server) S
HTTP HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) (To Server) S
HTTP Heatmiser Wifi Thermostat 1.7 - Credential Disclosure S
HTTP Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 170109) - Security Bypass S
HTTP Hotel Booking Engine 'destination' SQL Injection Vuln S
HTTP Hotel Booking Engine 'h_room_type' SQL Injection Vuln S
HTTP InLinks plugin for WordPress 'inlinks.php' SQL Injection Vuln S
HTTP iProject Management System 'index.php' SQL Injection Vuln S
HTTP iProject Management System 'index.php' SQL Injection Vuln_1 S
HTTP Jfrog Artifactory 4.16 - Unauthenticated Arbitrary File Upload Remote Command Execution S
HTTP Joomla Component eXtroForms 2.1.5 - 'filter_pid_id' SQL Injection S
HTTP Joomla Component eXtroForms 2.1.5 - 'filter_search' SQL Injection S
HTTP Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection S
HTTP Joomla! Component AlphaIndex Dictionaries 'index.php' SQL Injection Vuln S
HTTP Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection S
HTTP Joomla! Component Article Factory Manager 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Article Factory Manager 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Article Factory Manager 'index.php' SQL Injection Vuln_2 S
HTTP Joomla! Component Auction Factory 'filter_order' SQL Injection Vuln S
HTTP Joomla! Component Auction Factory 'filter_order_Dir' SQL Injection Vuln S
HTTP Joomla! Component Collection Factory 'filter_order' SQL Injection Vuln S
HTTP Joomla! Component Collection Factory 'filter_order_Dir' SQL Injection Vuln S
HTTP Joomla! Component CW Article Attachments 'id' SQL Injection Vuln S
HTTP Joomla! Component Dutch Auction Factory 'filter_order' SQL Injection Vuln S
HTTP Joomla! Component Dutch Auction Factory 'filter_order_Dir' SQL Injection Vuln S
HTTP Joomla! Component Jimtawl 'id' SQL Injection Vuln S
HTTP Joomla! Component Jobs Factory 'filter_letter' SQL Injection Vuln S
HTTP Joomla! Component Micro Deal Factory 'id' SQL Injection Vuln S
HTTP Joomla! Component Music Collection 'id' SQL Injection Vuln S
HTTP Joomla! Component NS Download Shop 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Penny Auction Factory 'filter_order' SQL Injection Vuln S
HTTP Joomla! Component Penny Auction Factory 'filter_order_Dir' SQL Injection Vuln S
HTTP Joomla! Component Questions 'groups' SQL Injection Vuln S
HTTP Joomla! Component Questions 'group_name' SQL Injection Vuln S
HTTP Joomla! Component Questions 'term' SQL Injection Vuln S
HTTP Joomla! Component Questions 'userid' SQL Injection Vuln S
HTTP Joomla! Component Questions 'users' SQL Injection Vuln S
HTTP Joomla! Component Raffle Factory 'filter_order' SQL Injection Vuln S
HTTP Joomla! Component Raffle Factory 'filter_order_Dir' SQL Injection Vuln S
HTTP Joomla! Component Responsive Portfolio 1.6.1 - 'filter_pid_id' SQL Injection S
HTTP Joomla! Component Responsive Portfolio 1.6.1 - 'filter_search' SQL Injection S
HTTP Joomla! Component Responsive Portfolio 1.6.1 - 'filter_type_id' SQL Injection S
HTTP Joomla! Component Reverse Auction Factory 'cat' SQL Injection Vuln S
HTTP Joomla! Component Reverse Auction Factory 'filter_letter' SQL Injection Vuln S
HTTP Joomla! Component Reverse Auction Factory 'filter_order_Dir' SQL Injection Vuln S
HTTP Joomla! Component Social Factory 'radius[lat]' SQL Injection Vuln S
HTTP Joomla! Component Social Factory 'radius[lng]' SQL Injection Vuln S
HTTP Joomla! Component Social Factory 'radius[radius]' SQL Injection Vuln S
HTTP Joomla! Component Swap Factory 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Swap Factory 'index.php' SQL Injection Vuln_1 S
HTTP Joomla! Component Timetable Schedule 'index.php' SQL Injection Vuln S
HTTP Joomla! Component Zh YandexMap 'index.php' SQL Injection Vuln S
HTTP jQuery-File-Upload 9.22.0 - Arbitrary File Upload S
HTTP LG Smart IP Camera 1508190 - Download Log Files S
HTTP LG SuperSign EZ CMS 2.5 - Remote Code Execution S
HTTP LUYA CMS 'description' Cross Site Scripting Vuln S
HTTP ManageEngine Desktop Central 'Features & Articles' Cross Site Scripting Vuln S
HTTP Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion S
HTTP Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion S
HTTP MS Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion S
HTTP Navigate CMS 'navigate.php' Cross Site Scripting Vuln S
HTTP Netils Netis-WF2419 Wireless Router CSRF Vuln (From Server) S
HTTP Netils Netis-WF2419 Wireless Router CSRF Vuln (To Server) S
HTTP Netis ADSL Router DL4322D RTK 2.1.1 - CSRF (Add Admin) (From Server) S
HTTP Netis ADSL Router DL4322D RTK 2.1.1 - CSRF (Add Admin) (To Server) S
HTTP PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Pootle button plugin for WordPress 'admin-ajax.php' Cross Site Scripting Vuln S
HTTP PopCash.Net Publisher Code Integration plugin for WordPress 'admin.php' XSS Vuln S
HTTP RICOH Aficio MP 301 Printer 'entryNameIn' Cross Site Scripting Vuln S
HTTP RICOH MP C1803 JPN Printer 'entryNameIn' Cross Site Scripting Vuln S
HTTP RICOH MP C2003 Printer 'entryNameIn' Cross Site Scripting Vuln S
HTTP RICOH MP C406Z Printer 'entryNameIn' Cross Site Scripting Vuln S
HTTP RICOH MP C6003 Printer 'entryNameIn' Cross Site Scripting Vuln S
HTTP Scriptzee Job Board Software 'nice_theme' SQL Injection Vuln S
HTTP Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection S
HTTP SOA School Management software 'access_login' SQL Injection Vuln S
HTTP SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit) S
HTTP StivaSoft Rate Me PHP Script 'rate-me.php' Cross Site Scripting Vuln S
HTTP Super Cms Blog Pro 'author' SQL Injection Vuln S
HTTP Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin) S
HTTP tousifkhan Complain Management System 'view.php' SQL Injection Vuln S
HTTP Twitter-Clone 1 - 'code' SQL Injection S
HTTP Twitter-Clone 1 - 'id' SQL Injection S
HTTP Twitter-Clone 1 - 'index.php' SQL Injection S
HTTP Twitter-Clone 1 - 'name' SQL Injection S
HTTP Twitter-Clone 1 - 'userid' SQL Injection S
HTTP Twitter-Clone 1 - 'username' SQL Injection S
HTTP Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution S
HTTP WAGO 'snmp.ssi' Cross Site Scripting Vuln S
HTTP WebKit - 'WebCoreAXObjectCachehandleMenuItemSelected' Use-After-Free S
HTTP WebKit - 'WebCoreInlineTextBoxpaint' Out-of-Bounds Read S
HTTP WebKit - 'WebCoreNodeensureRareData' Use-After-Free S
HTTP WebKit - 'WebCoreRenderLayerupdateDescendantDependentFlags' Use-After-Free S
HTTP WebKit - 'WebCoreRenderMultiColumnSetupdateMinimumColumnHeight' Use-After-Free S
HTTP WebKit - 'WebCoreRenderTreeBuilderremoveAnonymousWrappersForInlineChildrenIfNeeded' UAF S
HTTP WebKit - 'WebCoreSVGAnimateElementBaseresetAnimatedType' Use-After-Free S
HTTP WebKit - 'WebCoreSVGTextLayoutAttributescontext' Use-After-Free S
HTTP WebKit - 'WebCoreSVGTRefElementupdateReferencedText' Use-After-Free S
HTTP Wikidforum 'index.php' SQL Injection Vuln S
HTTP Wikidforum 'index.php' SQL Injection Vuln_1 S
HTTP Wikidforum 'index.php' SQL Injection Vuln_2 S
HTTP Wikidforum 'index.php' SQL Injection Vuln_3 S
HTTP Wikidforum 'index.php' SQL Injection Vuln_4 S
HTTP Wikidforum 'index.php' SQL Injection Vuln_5 S
HTTP Wikidforum 'num_records' SQL Injection Vuln S
HTTP Wikidforum 'parent_post_id' SQL Injection Vuln S
HTTP Wikidforum 'rpc.php' Cross Site Scripting Vuln S
HTTP Wikidforum 'rpc.php' SQL Injection Vuln S
HTTP Wikidforum 'select_sort' SQL Injection Vuln S
HTTP WUZHI CMS 'index.php' Cross Site Scripting Vuln S
HTTP WUZHI CMS 'index.php' Cross Site Scripting Vuln_1 S
HTTP Yoast SEO plugin for WordPress 'class-gsc-table.php' Cross Site Scripting Vuln S
Imperva SecureSphere 13 - Remote Command Execution S
Joomla! Component Joomanager 2.0.0 - Arbitrary File Download S
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload S
Joomla! Component Proclaim 9.1.1 - Backup File Download S
Kirby CMS 2.5.12 - Cross-Site Request Forgery (from server) S
Kirby CMS 2.5.12 - Cross-Site Request Forgery (to server) S
Kirby CMS 2.5.12 - Cross-Site Scripting S
KORA 2.7.0 - 'cid' SQL Injection S
LAMS 3.1 - Cross-Site Scripting Attack S
Library CMS 2.1.1 - Cross-Site Scripting S
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting_1 S
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting_2 S
ManageEngine ADManager Plus 6.5.7 - HTML Injection S
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection S
MaxOn ERP Software 8.x-9.x - 'user' SQL Injection S
MistServer 2.12 - Cross-Site Scripting_1 S
MistServer 2.12 - Cross-Site Scripting_2 S
MistServer 2.12 - Cross-Site Scripting_3 S
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (from server) S
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (to server) S
Monstra-Dev Stored Cross Site Scripting S
Navigate CMS - Authentication Bypass S
Navigate CMS - Unauthenticated Remote Code Execution S
Navigate CMS 2.8.5 - Arbitrary File Download S
onArcade 2.4.2 - Cross-Site Request Forgery (from server) S
onArcade 2.4.2 - Cross-Site Request Forgery (to server) S
Online Voting System - Authentication Bypass S
PHPFreeChat 1.7 Denial of Service S
phpMyAdmin 4.7.x - Cross-Site Request Forgery(from server)_2 S
phpMyAdmin 4.7.x - Cross-Site Request Forgery(from server)_4 S
phpMyAdmin 4.7.x - Cross-Site Request Forgery(to server)_1 S
phpMyAdmin 4.7.x - Cross-Site Request Forgery(to server)_3 S
phpMyAdmin 4.7.x - Cross-Site Request Forgery(to server)_6 S
Professional Service Script 1.0 SQL Injection S
Readymade PHP Classified Script 3.3 SQL Injection_1 S
Readymade PHP Classified Script 3.3 SQL Injection_2 S
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin) S
Schools Alert Management Script - SQL Injection_1 S
Schools Alert Management Script - SQL Injection_2 S
Schools Alert Management Script - SQL Injection_3 S
Schools Alert Management Script - SQL Injection_4 S
Schools Alert Management Script - SQL Injection_5 S
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection S
Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection S
Sitecore CMS 8.2 File Disclosure_1 S
Sitecore CMS 8.2 File Disclosure_2 S
Sitecore CMS 8.2 Reflected Cross Site Scripting S
Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection S
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure S
Twig 2.4.4 - Server Side Template Injection S
WordPress Plugin Form Maker 1.12.24 - SQL Injection(from server)_2 S
WordPress Plugin Form Maker 1.12.24 - SQL Injection(from server)_3 S
WordPress Plugin Form Maker 1.12.24 - SQL Injection(to server)_1 S
WordPress Plugin Form Maker 1.12.24 - SQL Injection(to server)_4 S
WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection S
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
