Traffic IQ Professional
Traffic File Update for July 2018
174 Application Exploits
Core FTP LE 2.2 - Buffer Overflow (PoC) S
FTPShell Client 6.7 - Buffer Overflow S
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit) S
HTTP ADB Broadband Gateways Routers - 'rtsp' Authorization Bypass S
HTTP ADB Broadband Gateways Routers - 'telnet' Authorization Bypass S
HTTP Ajax Full Featured Calendar 'search' SQL Injection Vuln S
HTTP Apache CouchDB - 'query_servers' Arbitrary Command Execution (Metasploit) S
HTTP Apache CouchDB 2.1.0 - 'Create Payload' Remote Code Execution S
HTTP Apache CouchDB 2.1.0 - 'design' Remote Code Execution S
HTTP Apache CouchDB 2.1.0 - '_temp_view' Remote Code Execution S
HTTP Baby Names Search Engine 'a' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'fillEventsPopup.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'fillEventsPopup.php' SQL Injection Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'getEvent.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'getEvent.php' SQL Injection Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' SQL Injection Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' XSS Vuln S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' XSS Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'searchEvents.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'searchEvents.php' SQL Injection Vuln_1 S
HTTP BookingWizz Booking System 'id' SQL Injection Vuln S
HTTP Brother Series Printers 'loginerror.html' Cross Site Scripting Vuln S
HTTP Canon PrintMe EFI 'mydocs.php' Cross Site Scripting Vuln S
HTTP Cisco Adaptive Security Appliance - Path Traversal S
HTTP Cobub Razor 0.8.0 - 'commonDbfix.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'controllers-get' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'controllers-post' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'Controller_fixt.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'generate.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'ipTest.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'view_fixt2.php' Physical path Leakage S
HTTP CSV Import and Export 'live-preview-db-tables.php' Cross Site Scripting Vuln S
HTTP CSV Import and Export 'live-preview-db-tables.php' SQL Injection Vuln S
HTTP D-Link DIR601 2.02 - Credential Disclosure S
HTTP DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Dicoogle PACS 2.5.0 - Directory Traversal S
HTTP Dimofinf CMS 'id' Cross Site Scripting Vuln S
HTTP Dolibarr ERP CRM 7.0.3 - PHP Code Injection S
HTTP DomainMod 'oid' Cross Site Scripting Vuln S
HTTP DomainMod 'sslpaid' Cross Site Scripting Vuln S
HTTP easyLetters 'id' SQL Injection Vuln S
HTTP Elektronischer Leitz-Ordner 10 - SQL Injection S
HTTP Employee Work Schedule 'cal_id' SQL Injection Vuln S
HTTP EMS Master Calendar 'Name' Cross Site Scripting Vuln S
HTTP eWallet - Online Payment Gateway CSRF Vuln (From Server) S
HTTP eWallet - Online Payment Gateway CSRF Vuln (To Server) S
HTTP Foxit Reader 9.0.1.1049 - Remote Code Execution S
HTTP G DATA Total Security 25.4.0.3 - Activex Buffer Overflow S
HTTP Geutebruck 5.02024 G-Cam EFD-2250 - 'simple_loglistjs.cgi' RCE (Metasploit) S
HTTP GreenCMS (Add Admin) CSRF Vuln (From Server) S
HTTP GreenCMS (Add Admin) CSRF Vuln (To Server) S
HTTP Grid Pro Big Data 'test.php' SQL Injection Vuln S
HTTP Grid Pro Big Data 'test.php' SQL Injection Vuln_1 S
HTTP Grid Pro Big Data 'test.php' SQL Injection Vuln_2 S
HTTP Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery S
HTTP Honeywell FALCON XLWeb controllers Cross Site Scripting Vuln S
HTTP HP VAN SDN Controller - Root Command Injection (Metasploit) S
HTTP IBM Merge PACS CSRF Vuln (From Server) S
HTTP IBM Merge PACS CSRF Vuln (To Server) S
HTTP IBM QRadar SIEM - Remote Code Execution (Metasploit) S
HTTP Ingenious School Management System 'id' SQL Injection Vuln S
HTTP Iptanus WordPress File Upload plugin for WordPress XSS Vuln (From Server) S
HTTP Iptanus WordPress File Upload plugin for WordPress XSS Vuln (To Server) S
HTTP iSocial 'Email' CSRF Vuln (From Server) S
HTTP iSocial 'Email' CSRF Vuln (To Server) S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_1 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_10 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_2 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_3 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_4 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_5 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_6 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_7 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_8 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_9 S
HTTP iThemes Security plugin for WordPress logs page SQL Injection Vuln S
HTTP Joomla! Component Full Social 'search_query' SQL Injection Vuln S
HTTP Joomla! Component JoomOCShop 'Change Password' CSRF Vuln (From Server) S
HTTP Joomla! Component JoomOCShop 'Change Password' CSRF Vuln (To Server) S
HTTP Joomla! Component JoomOCShop 'Change User info' CSRF Vuln (From Server) S
HTTP Joomla! Component JoomOCShop 'Change User info' CSRF Vuln (To Server) S
HTTP KomSeo Cart 'my_item_search' SQL Injection Vuln S
HTTP LFCMS 'admin.php' (Add Admin) CSRF Vuln (From Server) S
HTTP LFCMS 'admin.php' (Add Admin) CSRF Vuln (To Server) S
HTTP LFCMS 'admin.php' (Add User) CSRF Vuln (From Server) S
HTTP LFCMS 'admin.php' (Add User) CSRF Vuln (To Server) S
HTTP Liferay Portal 7.0.4 - Server-Side Request Forgery S
HTTP Lyrist Music Lyrics Script 'id' SQL Injection Vuln S
HTTP MACCMS 'admin.php' (Add User) CSRF Vuln (From Server) S
HTTP MACCMS 'admin.php' (Add User) CSRF Vuln (To Server) S
HTTP MaDDash 2.0.2 - 'etc' Directory Listing S
HTTP MaDDash 2.0.2 - 'images' Directory Listing S
HTTP MaDDash 2.0.2 - 'lib' Directory Listing S
HTTP MaDDash 2.0.2 - 'style' Directory Listing S
HTTP ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution S
HTTP Mcard Mobile Card Selling Platform CMS CSRF Vuln (From Server) S
HTTP Mcard Mobile Card Selling Platform CMS CSRF Vuln (To Server) S
HTTP Microsoft Edge Chakra - Cross Context Use-After-Free S
HTTP Microsoft Edge Chakra JIT - BoundFunctionNewInstance Out-of-Bounds Read S
HTTP Microsoft Edge Chakra JIT - Out-of-Bounds ReadsWrites S
HTTP Mirasys DVMS Workstation 5.12.6 - Path Traversal S
HTTP MS Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions S
HTTP My Directory 'business' SQL Injection Vuln S
HTTP My Directory 'city' Cross Site Scripting Vuln S
HTTP mySurvey 'edit_live.php' SQL Injection Vuln S
HTTP mySurvey 'question.php' SQL Injection Vuln S
HTTP mySurvey 'statistic.php' SQL Injection Vuln S
HTTP Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) S
HTTP New STAR 'ajax.php' SQL Injection Vuln S
HTTP New STAR 'mouse_search' function Cross Site Scripting Vuln S
HTTP ntop-ng 3.4.180617 - Authentication Bypass S
HTTP nZEDb Cross Site Scripting Vuln S
HTTP OEcms 'info.php' Cross Site Scripting Vuln S
HTTP Online Trade - Information Disclosure S
HTTP Oracle WebCenter Sites Cross Site Scripting Vuln S
HTTP Oracle WebCenter Sites Cross Site Scripting Vuln_1 S
HTTP PHP Scripts Mall Facebook 'Change User Info' CSRF Vuln (From Server) S
HTTP PHP Scripts Mall Facebook 'Change User Info' CSRF Vuln (To Server) S
HTTP phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username) S
HTTP phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion S
HTTP Pie Register plugin for WordPress 'order' SQL Injection Vuln S
HTTP QNAP Qcenter Virtual Appliance - 'date config' Remote Command Execution S
HTTP QNAP Qcenter Virtual Appliance - 'network config' Remote Command Execution S
HTTP QNAP Qcenter Virtual Appliance - 'ssh settings' Remote Command Execution S
HTTP QNAP Qcenter Virtual Appliance - Admin Password Change S
HTTP QNAP Qcenter Virtual Appliance - Admin Password Disclosure S
HTTP Quest KACE Systems Management - Command Injection (Metasploit) S
HTTP RabbitMQ Web Management (Add Admin) CSRF Vuln (From Server) S
HTTP RabbitMQ Web Management (Add Admin) CSRF Vuln (To Server) S
HTTP SAP NetWeaver J2EE Engine 7.40 - SQL Injection S
HTTP SAT CFDI 'id' SQL Injection Vuln S
HTTP Schools Alert Management Script 'get_sec.php' SQL Injection Vuln S
HTTP Sharetronix CMS CSRF Vuln (From Server) S
HTTP Sharetronix CMS CSRF Vuln (To Server) S
HTTP ShopNx - Arbitrary File Upload S
HTTP Smartshop 'category.php' SQL Injection Vuln S
HTTP Smartshop 'product.php' SQL Injection Vuln S
HTTP Smartshop 'search.php' SQL Injection Vuln S
HTTP SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection S
HTTP SuperCom Online Shopping 'Update profile' CSRF Vuln (From Server) S
HTTP SuperCom Online Shopping 'Update profile' CSRF Vuln (To Server) S
HTTP Teradek Cube (Change Admin Password) CSRF Vuln (From Server) S
HTTP Teradek Cube (Change Admin Password) CSRF Vuln (To Server) S
HTTP Teradek Slice (Change Admin Password) CSRF Vuln (From Server) S
HTTP Teradek Slice (Change Admin Password) CSRF Vuln (To Server) S
HTTP Teradek VidiU Pro (Change Admin Password) CSRF Vuln (From Server) S
HTTP Teradek VidiU Pro (Change Admin Password) CSRF Vuln (To Server) S
HTTP Tor Browser 0.3.2.10 - Use After Free (PoC) S
HTTP Trend Micro ServerProtect - 'log_management.cgi' XSS S
HTTP Trend Micro ServerProtect - 'notification.cgi' XSS S
HTTP Trend Micro ServerProtect - 'update' CSRF S
HTTP Trend Micro ServerProtect - Unauthorised Update Server S
HTTP VMware NSX SD-WAN Edge 3.1.2 - 'dns' Command Injection S
HTTP VMware NSX SD-WAN Edge 3.1.2 - 'ping' Command Injection S
HTTP VMware NSX SD-WAN Edge 3.1.2 - 'traceroute' Command Injection S
HTTP WAGO e!DISPLAY 7300T - 'configtools.php' XSS S
HTTP WAGO e!DISPLAY 7300T - 'login.php' XSS S
HTTP WAGO e!DISPLAY 7300T - 'receive_upload.php' XSS S
HTTP WAGO e!DISPLAY 7300T - Remote Code Execution S
HTTP WAGO e!DISPLAY 7300T - Unrestricted File Upload S
HTTP WebKit - not_number defineProperties UAF (Metasploit) S
HTTP WebKitGTK+ 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit) S
HTTP Wecodex Hotel CMS 'Admin Login' SQL Injection Vuln S
HTTP Wecodex Library CMS 'username' SQL Injection Vuln S
HTTP Wecodex Restaurant CMS 'username' SQL Injection Vuln S
HTTP Wordpress 4.9.6 - 'delete' (Authenticated) Arbitrary File Deletion S
HTTP Wordpress 4.9.6 - 'editattachment' (Authenticated) Arbitrary File Deletion S
HTTP XATABoost CMS 'id' SQL Injection Vuln S
HTTP Zeta Producer Desktop CMS 14.2.0 - Local File Disclosure S
Malware GET Request Associated with Emotet Malware (misico.com) S
Malware GET Request Associated with Emotet Malware (www.ocyoungactors.com) S