
Traffic File Update - December 2018

This Traffic IQ Professional update for December 2018 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.


143 Application Exploits

Advanced Comment System 1.0 - SQL Injection S
Alienor Web Libre 2.0 - SQL Injection S
Alive Parish 2.0.4 - SQL Injection S
BitZoom 1.0 - 'rollno' SQL Injection S
BitZoom 1.0 - 'username on forgot.php' SQL Injection S
BitZoom 1.0 - 'username on Logon.php' SQL Injection S
Data Center Audit 2.6.2 - 'username' SQL Injection S
DoceboLMS 1.2 - SQL Injection S
DomainMOD 4.11.01 - 'ipid' Cross-Site Scripting S
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting S
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting S
Facturation System 1.0 - 'modid' SQL Injection S
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection S
Gumbo CMS 0.99 - SQL Injection S
Helpdezk 1.1.1 - 'id' SQL Injection S
Helpdezk 1.1.1 - 'query' SQL Injection S
Helpdezk 1.1.1 - 'todate' SQL Injection S
HTTP Advanced Custom Fields plugin for WordPress 'acf_fields' Cross Site Scripting Vuln S
HTTP Advanced Custom Fields plugin for WordPress 'acf_fields' Cross Site Scripting Vuln_1 S
HTTP Axioscloud Sissiweb Registro Elettronico 'Error_desc' Cross Site Scripting Vuln S
HTTP CentOS Web Panel 0.9.8.740 - 'Change Root Password' CSRF (From Server) S
HTTP CentOS Web Panel 0.9.8.740 - 'Change Root Password' CSRF (To Server) S
HTTP CentOS Web Panel 0.9.8.740 - Remote Command Execution CSRF (From Server) S
HTTP CentOS Web Panel 0.9.8.740 - Remote Command Execution CSRF (To Server) S
HTTP ClipBucket 'ajax.php' SQL Injection Vuln S
HTTP Data Center Audit (Update Admin) CSRF Vuln (From Server) S
HTTP Data Center Audit (Update Admin) CSRF Vuln (To Server) S
HTTP Dolibarr ERPCRM 8.0.3 - Cross-Site Scripting S
HTTP DomainMod 'Owner name' Cross Site Scripting Vuln S
HTTP Easy Testimonials plugin for WordPress '_ikcf_client' Cross Site Scripting Vuln S
HTTP Easy Testimonials plugin for WordPress '_ikcf_other' Cross Site Scripting Vuln S
HTTP Easy Testimonials plugin for WordPress '_ikcf_position' Cross Site Scripting Vuln S
HTTP Electricks eCommerce 1.0 - CSRF (Change Admin Password) (From Server) S
HTTP Electricks eCommerce 1.0 - CSRF (Change Admin Password) (To Server) S
HTTP Fork CMS backend ajax Cross Site Scripting Vuln S
HTTP FreshRSS 1.11.1 - 'a' Parameter Cross-site Scripting S
HTTP FreshRSS 1.11.1 - 'c' Parameter Cross-site Scripting S
HTTP GitList 0.6.0 - Argument Injection S
HTTP GIU Gallery Image Upload 'category' SQL Injection Vuln S
HTTP GPS Tracking System 2.12 - 'username' SQL Injection S
HTTP Grapixel New Media 'pageref' SQL Injection Vuln S
HTTP Grocery crud 1.6.1 - 'search_field' SQL Injection S
HTTP iServiceOnline 1.0 - 'year' SQL Injection S
HTTP Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection S
HTTP KeyBase Botnet 1.5 - 'machinename' SQL Injection S
HTTP KeyBase Botnet 1.5 - 'machinetime' SQL Injection S
HTTP LibreHealth 2.0.0 - (Authenticated) Arbitrary File Delete S
HTTP LibreHealth 2.0.0 - (Authenticated) Arbitrary File Inclusion S
HTTP Linksys E Series - 'BlockSite.asp' Improper Session-Protection S
HTTP Linksys E Series - 'BlockTime.asp' Improper Session-Protection S
HTTP Linksys E Series - 'restore.cgi' Router Reboot S
HTTP Linksys E Series - 'upgrade.cgi' Router Reboot S
HTTP Linksys E Series - 'wait_time' Cross Site Scripting (From Server) S
HTTP Linksys E Series - Header Injection S
HTTP Linksys E Series - Open Redirect S
HTTP Linksys E Series - Router Password Change CSRF (From Server) S
HTTP Meneame English Pligg 'search' SQL Injection Vuln S
HTTP NEC Univerge Sv9100 WebPro - 6.00 - Clear Text Password Storage S
HTTP Netgear Devices - Unauthenticated Remote Command Execution (Metasploit) S
HTTP No-Cms 1.0 - 'order_by' SQL Injection S
HTTP OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure S
HTTP PayPal-Credit Card-Debit Card Payment 1.0 - 'accommodation' SQL Injection S
HTTP PayPal-Credit Card-Debit Card Payment 1.0 - 'rooms' SQL Injection S
HTTP Pedidos 1.0 - SQL Injection S
HTTP PHP Server Monitor 3.3.1 - 'Delete Logs' Cross-Site Request Forgery (From Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete Logs' Cross-Site Request Forgery (To Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete Server' Cross-Site Request Forgery (From Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete Server' Cross-Site Request Forgery (To Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete User' Cross-Site Request Forgery (From Server) S
HTTP PHP Server Monitor 3.3.1 - 'Delete User' Cross-Site Request Forgery (To Server) S
HTTP Pimcore 'asset-count' SQL Injection Vuln S
HTTP Pimcore 'asset-inquire' SQL Injection Vuln S
HTTP Pimcore 'asset-list' SQL Injection Vuln S
HTTP Pimcore 'document-count' SQL Injection Vuln S
HTTP Pimcore 'document-inquire' SQL Injection Vuln S
HTTP Pimcore 'document-list' SQL Injection Vuln S
HTTP Pimcore 'object-count' SQL Injection Vuln S
HTTP Pimcore 'object-inquire' SQL Injection Vuln S
HTTP Pimcore 'object-list' SQL Injection Vuln S
HTTP Precurio Intranet Portal 2.0 - CSRF (Add Admin) (From Server) S
HTTP Precurio Intranet Portal 2.0 - CSRF (Add Admin) (To Server) S
HTTP SaltOS Erp Crm 'user' SQL Injection Vuln S
HTTP School Event Management System 1.0 - Arbitrary File Upload S
HTTP School Event Management System 1.0 - CSRF (Update Admin) (From Server) S
HTTP School Event Management System 1.0 - CSRF (Update Admin) (To Server) S
HTTP Simple E-Document 'username' SQL Injection Vuln S
HTTP Surreal ToDo 0.6.1.2 - Local File Inclusion S
HTTP Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass S
HTTP Ticketly 'addproject.php' SQL Injection Vuln S
HTTP Ticketly 'addproject.php' SQL Injection Vuln_1 S
HTTP Ticketly 'addproject.php' SQL Injection Vuln_2 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_1 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_2 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_3 S
HTTP Ticketly 'addticket.php' SQL Injection Vuln_4 S
HTTP Ticketly 'reports.php' SQL Injection Vuln S
HTTP Ticketly 'reports.php' SQL Injection Vuln_1 S
HTTP University Application System 'process.php' SQL Injection Vuln S
HTTP University Application System 'process.php' SQL Injection Vuln_1 S
HTTP University Application System 'process.php' SQL Injection Vuln_2 S
HTTP Webiness Inventory 2.3 - Arbitrary File Upload (From Server) S
HTTP Webiness Inventory 2.3 - Arbitrary File Upload (To Server) S
HTTP Webiness Inventory 2.3 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP Webiness Inventory 2.3 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Webiness Inventory 2.3 - Remote Code Execution S
HTTP Webiness Inventory 2.3 - SQL Injection S
HTTP WebKit JIT - 'ByteCodeParserhandleIntrinsicCall' Type Confusion S
HTTP WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion S
HTTP Wordpress Plugin Media File Manager 'dir' Cross Site Scripting Vuln S
HTTP Wordpress Plugin Media File Manager 'dir' Directory Traversal Vuln S
Malware DNS Request Associated with Novidade Exploit Kit (globo.jelastic.net) S
Malware DNS Request Associated with Novidade Exploit Kit (landpagebrazil.whelastic.net) S
Malware DNS Request Associated with Novidade Exploit Kit (light.jelastic.servint.net) S
Malware DNS Request Associated with Novidade Exploit Kit (pesquisaeleitoral2018.online) S
Malware DNS Request Associated with Novidade Exploit Kit (pesquisaparapresidente.online) S
Malware GET Request Associated with Hancitor Malware (todoemergencias.cl) S
Malware GET Request Associated with Hancitor Malware (your365realestateoffice.com) S
Malware GET Request Associated with SSE Spambot Malware (amalu.at) S
Malware GET Request Associated with Ursnif Malware (47.52.45.178) S
Malware GET Request Associated with Ursnif Malware (api2.doter.at) S
Malware GET Request Associated with Ursnif Malware (beetfeetlife.bit) S
Malware POST Request Associated with Hancitor Malware (ninglarenlac.com) S
Malware UDP Beacon Associated with SSE Spambot Malware (31.44.184.36) S
Nominas 0.27 - 'username' SQL Injection S
OOP CMS BLOG 1.0 - 'search' SQL Injection S
Paroiciel 11.20 - 'eGeqIdEquipe' SQL Injection S
Paroiciel 11.20 - 'tRecIdListe' SQL Injection S
Paroiciel 11.20 - 'zProIdPro' SQL Injection S
Sendroid 6.5.0 - SQL Injection S
SIPve 0.0.2-R19 - 'idevento' SQL Injection S
SIPve 0.0.2-R19 - 'idgrupo' SQL Injection S
SIPve 0.0.2-R19 - 'usuario' SQL Injection S
Surreal ToDo 0.6.1.2 - 'page_id' SQL Injection S
Surreal ToDo 0.6.1.2 - 'search' SQL Injection S
The Don 1.0.1 - 'email' SQL Injection S
The Don 1.0.1 - 'login' SQL Injection S
WebOfisi E-Ticaret V4 - 'urun' SQL Injection S
WordPress Plugin Ninja Forms 3.3.17 - 'begin_date' Cross-Site Scripting S
WordPress Plugin Ninja Forms 3.3.17 - 'end_date' Cross-Site Scripting S
WordPress Plugin Ninja Forms 3.3.17 - 'form_id' Cross-Site Scripting S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
