Traffic IQ Professional
Traffic File Update for December 2018
143 Application Exploits
Advanced Comment System 1.0 - SQL Injection S
Alienor Web Libre 2.0 - SQL Injection S
Alive Parish 2.0.4 - SQL Injection S
BitZoom 1.0 - 'rollno' SQL Injection S
BitZoom 1.0 - 'username on forgot.php' SQL Injection S
BitZoom 1.0 - 'username on Logon.php' SQL Injection S
Data Center Audit 2.6.2 - 'username' SQL Injection S
DoceboLMS 1.2 - SQL Injection S
DomainMOD 4.11.01 - 'ipid' Cross-Site Scripting S
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting S
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting S
Facturation System 1.0 - 'modid' SQL Injection S
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection S
Gumbo CMS 0.99 - SQL Injection S
Helpdezk 1.1.1 - 'id' SQL Injection S
Helpdezk 1.1.1 - 'query' SQL Injection S
Helpdezk 1.1.1 - 'todate' SQL Injection S
HTTP Advanced Custom Fields plugin for WordPress 'acf_fields' Cross Site Scripting Vuln S
HTTP Advanced Custom Fields plugin for WordPress 'acf_fields' Cross Site Scripting Vuln_1 S
HTTP Axioscloud Sissiweb Registro Elettronico 'Error_desc' Cross Site Scripting Vuln S
HTTP CentOS Web Panel 0.9.8.740 - 'Change Root Password' CSRF (From Server) S
HTTP CentOS Web Panel 0.9.8.740 - 'Change Root Password' CSRF (To Server) S
HTTP CentOS Web Panel 0.9.8.740 - Remote Command Execution CSRF (From Server) S
HTTP CentOS Web Panel 0.9.8.740 - Remote Command Execution CSRF (To Server) S
HTTP ClipBucket 'ajax.php' SQL Injection Vuln S
HTTP Data Center Audit (Update Admin) CSRF Vuln (From Server) S
HTTP Data Center Audit (Update Admin) CSRF Vuln (To Server) S
HTTP Dolibarr ERPCRM 8.0.3 - Cross-Site Scripting S
HTTP DomainMod 'Owner name' Cross Site Scripting Vuln S
HTTP Easy Testimonials plugin for WordPress '_ikcf_client' Cross Site Scripting Vuln S
HTTP Easy Testimonials plugin for WordPress '_ikcf_other' Cross Site Scripting Vuln S
HTTP Easy Testimonials plugin for WordPress '_ikcf_position' Cross Site Scripting Vuln S
HTTP Electricks eCommerce 1.0 - CSRF (Change Admin Password) (From Server) S
HTTP Electricks eCommerce 1.0 - CSRF (Change Admin Password) (To Server) S
HTTP Fork CMS backend ajax Cross Site Scripting Vuln S
HTTP FreshRSS 1.11.1 - 'a' Parameter Cross-site Scripting S
HTTP FreshRSS 1.11.1 - 'c' Parameter Cross-site Scripting S
HTTP GitList 0.6.0 - Argument Injection S
HTTP GIU Gallery Image Upload 'category' SQL Injection Vuln S
HTTP GPS Tracking System 2.12 - 'username' SQL Injection S
HTTP Grapixel New Media 'pageref' SQL Injection Vuln S
HTTP Grocery crud 1.6.1 - 'search_field' SQL Injection S
HTTP iServiceOnline 1.0 - 'year' SQL Injection S
HTTP Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection S
HTTP KeyBase Botnet 1.5 - 'machinename' SQL Injection S
HTTP KeyBase Botnet 1.5 - 'machinetime' SQL Injection S
HTTP LibreHealth 2.0.0 - (Authenticated) Arbitrary File Delete S
HTTP LibreHealth 2.0.0 - (Authenticated) Arbitrary File Inclusion S
HTTP Linksys E Series - 'BlockSite.asp' Improper Session-Protection S
HTTP Linksys E Series - 'BlockTime.asp' Improper Session-Protection S
HTTP Linksys E Series - 'restore.cgi' Router Reboot S
HTTP Linksys E Series - 'upgrade.cgi' Router Reboot S
HTTP Linksys E Series - 'wait_time' Cross Site Scripting (From Server) S
HTTP Linksys E Series - Header Injection S
HTTP Linksys E Series - Open Redirect S
HTTP Linksys E Series - Router Password Change CSRF (From Server) S
HTTP Meneame English Pligg 'search' SQL Injection Vuln S
HTTP NEC Univerge Sv9100 WebPro - 6.00 - Clear Text Password Storage S
HTTP Netgear Devices - Unauthenticated Remote Command Execution (Metasploit) S
HTTP No-Cms 1.0 - 'order_by' SQL Injection S
HTTP OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure S
HTTP PayPal-Credit Card-Debit Card Payment 1.0 - 'accommodation' SQL Injection S
HTTP PayPal-Credit Card-Debit Card Payment 1.0 - 'rooms' SQL Injection S
HTTP Pedidos 1.0 - SQL Injection S
HTTP PHP Server Monitor 3.3.1 - 'Delete Logs' Cross-Site Request Forgery (From Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete Logs' Cross-Site Request Forgery (To Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete Server' Cross-Site Request Forgery (From Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete Server' Cross-Site Request Forgery (To Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete User' Cross-Site Request Forgery (From Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete User' Cross-Site Request Forgery (To Server) S
HTTP Pimcore 'asset-count' SQL Injection Vuln S
HTTP Pimcore 'asset-inquire' SQL Injection Vuln S
HTTP Pimcore 'asset-list' SQL Injection Vuln S
HTTP Pimcore 'document-count' SQL Injection Vuln S
HTTP Pimcore 'document-inquire' SQL Injection Vuln S
HTTP Pimcore 'document-list' SQL Injection Vuln S
HTTP Pimcore 'object-count' SQL Injection Vuln S
HTTP Pimcore 'object-inquire' SQL Injection Vuln S
HTTP Pimcore 'object-list' SQL Injection Vuln S
HTTP Precurio Intranet Portal 2.0 - CSRF (Add Admin) (From Server) S
HTTP Precurio Intranet Portal 2.0 - CSRF (Add Admin) (To Server) S
HTTP SaltOS Erp Crm 'user' SQL Injection Vuln S
HTTP School Event Management System 1.0 - Arbitrary File Upload S
HTTP School Event Management System 1.0 - CSRF (Update Admin) (From Server) S
HTTP School Event Management System 1.0 - CSRF (Update Admin) (To Server) S
HTTP Simple E-Document 'username' SQL Injection Vuln S
HTTP Surreal ToDo 0.6.1.2 - Local File Inclusion S
HTTP Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass S
HTTP The Don 1.0.1 - 'email' SQL Injection S
HTTP Ticketly 'addproject.php' SQL Injection Vuln S
HTTP Ticketly 'addproject.php' SQL Injection Vuln_1 S
HTTP Ticketly 'addproject.php' SQL Injection Vuln_2 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_1 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_2 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_3 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_4 S
HTTP Ticketly 'reports.php' SQL Injection Vuln S
HTTP Ticketly 'reports.php' SQL Injection Vuln_1 S
HTTP University Application System 'process.php' SQL Injection Vuln S
HTTP University Application System 'process.php' SQL Injection Vuln_1 S
HTTP University Application System 'process.php' SQL Injection Vuln_2 S
HTTP Webiness Inventory 2.3 - Arbitrary File Upload (From Server) S
HTTP Webiness Inventory 2.3 - Arbitrary File Upload (To Server) S
HTTP Webiness Inventory 2.3 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP Webiness Inventory 2.3 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Webiness Inventory 2.3 - Remote Code Execution S
HTTP Webiness Inventory 2.3 - SQL Injection S
HTTP WebKit JIT - 'ByteCodeParserhandleIntrinsicCall' Type Confusion S
HTTP WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion S
HTTP Wordpress Plugin Media File Manager 'dir' Cross Site Scripting Vuln S
HTTP Wordpress Plugin Media File Manager 'dir' Directory Traversal Vuln S
Malware DNS Request Associated with Novidade Exploit Kit (globo.jelastic.net) S
Malware DNS Request Associated with Novidade Exploit Kit (landpagebrazil.whelastic.net) S
Malware DNS Request Associated with Novidade Exploit Kit (light.jelastic.servint.net) S
Malware DNS Request Associated with Novidade Exploit Kit (pesquisaeleitoral2018.online) S
Malware DNS Request Associated with Novidade Exploit Kit (pesquisaparapresidente.online) S
Malware GET Request Associated with Hancitor Malware (todoemergencias.cl) S
Malware GET Request Associated with Hancitor Malware (your365realestateoffice.com) S
Malware GET Request Associated with SSE Spambot Malware (amalu.at) S
Malware GET Request Associated with Ursnif Malware (47.52.45.178) S
Malware GET Request Associated with Ursnif Malware (api2.doter.at) S
Malware GET Request Associated with Ursnif Malware (beetfeetlife.bit) S
Malware POST Request Associated with Hancitor Malware (ninglarenlac.com) S
Malware UDP Beacon Associated with SSE Spambot Malware (31.44.184.36) S
Nominas 0.27 - 'username' SQL Injection S
OOP CMS BLOG 1.0 - 'search' SQL Injection S
Paroiciel 11.20 - 'eGeqIdEquipe' SQL Injection S
Paroiciel 11.20 - 'tRecIdListe' SQL Injection S
Paroiciel 11.20 - 'zProIdPro' SQL Injection S
Sendroid 6.5.0 - SQL Injection S
SIPve 0.0.2-R19 - 'idevento' SQL Injection S
SIPve 0.0.2-R19 - 'idgrupo' SQL Injection S
SIPve 0.0.2-R19 - 'usuario' SQL Injection S
Surreal ToDo 0.6.1.2 - 'page_id' SQL Injection S
Surreal ToDo 0.6.1.2 - 'search' SQL Injection S
The Don 1.0.1 - 'login' SQL Injection S
WebOfisi E-Ticaret V4 - 'urun' SQL Injection S
WordPress Plugin Ninja Forms 3.3.17 - 'begin_date' Cross-Site Scripting S
WordPress Plugin Ninja Forms 3.3.17 - 'end_date' Cross-Site Scripting S
WordPress Plugin Ninja Forms 3.3.17 - 'form_id' Cross-Site Scripting S