
Traffic File Update - July 2018

This Traffic IQ Professional update for July 2018 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for July 2018

174 Application Exploits

Core FTP LE 2.2 - Buffer Overflow (PoC) S
FTPShell Client 6.7 - Buffer Overflow S
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit) S
HTTP ADB Broadband Gateways Routers - 'rtsp' Authorization Bypass S
HTTP ADB Broadband Gateways Routers - 'telnet' Authorization Bypass S
HTTP Ajax Full Featured Calendar 'search' SQL Injection Vuln S
HTTP Apache CouchDB - 'query_servers' Arbitrary Command Execution (Metasploit) S
HTTP Apache CouchDB 2.1.0 - 'Create Payload' Remote Code Execution S
HTTP Apache CouchDB 2.1.0 - 'design' Remote Code Execution S
HTTP Apache CouchDB 2.1.0 - '_temp_view' Remote Code Execution S
HTTP Baby Names Search Engine 'a' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'fillEventsPopup.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'fillEventsPopup.php' SQL Injection Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'getEvent.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'getEvent.php' SQL Injection Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' SQL Injection Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' XSS Vuln S
HTTP Booking Calendar plugin for WordPress 'getMonthCalendar.php' XSS Vuln_1 S
HTTP Booking Calendar plugin for WordPress 'searchEvents.php' SQL Injection Vuln S
HTTP Booking Calendar plugin for WordPress 'searchEvents.php' SQL Injection Vuln_1 S
HTTP BookingWizz Booking System 'id' SQL Injection Vuln S
HTTP Brother Series Printers 'loginerror.html' Cross Site Scripting Vuln S
HTTP Canon PrintMe EFI 'mydocs.php' Cross Site Scripting Vuln S
HTTP Cisco Adaptive Security Appliance - Path Traversal S
HTTP Cobub Razor 0.8.0 - 'commonDbfix.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'controllers-get' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'controllers-post' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'Controller_fixt.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'generate.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'ipTest.php' Physical path Leakage S
HTTP Cobub Razor 0.8.0 - 'view_fixt2.php' Physical path Leakage S
HTTP CSV Import and Export 'live-preview-db-tables.php' Cross Site Scripting Vuln S
HTTP CSV Import and Export 'live-preview-db-tables.php' SQL Injection Vuln S
HTTP D-Link DIR601 2.02 - Credential Disclosure S
HTTP DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Dicoogle PACS 2.5.0 - Directory Traversal S
HTTP Dimofinf CMS 'id' Cross Site Scripting Vuln S
HTTP Dolibarr ERP CRM 7.0.3 - PHP Code Injection S
HTTP DomainMod 'oid' Cross Site Scripting Vuln S
HTTP DomainMod 'sslpaid' Cross Site Scripting Vuln S
HTTP easyLetters 'id' SQL Injection Vuln S
HTTP Elektronischer Leitz-Ordner 10 - SQL Injection S
HTTP Employee Work Schedule 'cal_id' SQL Injection Vuln S
HTTP EMS Master Calendar 'Name' Cross Site Scripting Vuln S
HTTP eWallet - Online Payment Gateway CSRF Vuln (From Server) S
HTTP eWallet - Online Payment Gateway CSRF Vuln (To Server) S
HTTP Foxit Reader 9.0.1.1049 - Remote Code Execution S
HTTP G DATA Total Security 25.4.0.3 - Activex Buffer Overflow S
HTTP Geutebruck 5.02024 G-Cam EFD-2250 - 'simple_loglistjs.cgi' RCE (Metasploit) S
HTTP GreenCMS (Add Admin) CSRF Vuln (From Server) S
HTTP GreenCMS (Add Admin) CSRF Vuln (To Server) S
HTTP Grid Pro Big Data 'test.php' SQL Injection Vuln S
HTTP Grid Pro Big Data 'test.php' SQL Injection Vuln_1 S
HTTP Grid Pro Big Data 'test.php' SQL Injection Vuln_2 S
HTTP Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery S
HTTP Honeywell FALCON XLWeb controllers Cross Site Scripting Vuln S
HTTP HP VAN SDN Controller - Root Command Injection (Metasploit) S
HTTP IBM Merge PACS CSRF Vuln (From Server) S
HTTP IBM Merge PACS CSRF Vuln (To Server) S
HTTP IBM QRadar SIEM - Remote Code Execution (Metasploit) S
HTTP Ingenious School Management System 'id' SQL Injection Vuln S
HTTP Iptanus WordPress File Upload plugin for WordPress XSS Vuln (From Server) S
HTTP Iptanus WordPress File Upload plugin for WordPress XSS Vuln (To Server) S
HTTP iSocial 'Email' CSRF Vuln (From Server) S
HTTP iSocial 'Email' CSRF Vuln (To Server) S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_1 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_10 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_2 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_3 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_4 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_5 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_6 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_7 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_8 S
HTTP IssueTrak 'IssueSearch_Process.asp' SQL Injection Vuln_9 S
HTTP iThemes Security plugin for WordPress logs page SQL Injection Vuln S
HTTP Joomla! Component Full Social 'search_query' SQL Injection Vuln S
HTTP Joomla! Component JoomOCShop 'Change Password' CSRF Vuln (From Server) S
HTTP Joomla! Component JoomOCShop 'Change Password' CSRF Vuln (To Server) S
HTTP Joomla! Component JoomOCShop 'Change User info' CSRF Vuln (From Server) S
HTTP Joomla! Component JoomOCShop 'Change User info' CSRF Vuln (To Server) S
HTTP KomSeo Cart 'my_item_search' SQL Injection Vuln S
HTTP LFCMS 'admin.php' (Add Admin) CSRF Vuln (From Server) S
HTTP LFCMS 'admin.php' (Add Admin) CSRF Vuln (To Server) S
HTTP LFCMS 'admin.php' (Add User) CSRF Vuln (From Server) S
HTTP LFCMS 'admin.php' (Add User) CSRF Vuln (To Server) S
HTTP Liferay Portal 7.0.4 - Server-Side Request Forgery S
HTTP Lyrist Music Lyrics Script 'id' SQL Injection Vuln S
HTTP MACCMS 'admin.php' (Add User) CSRF Vuln (From Server) S
HTTP MACCMS 'admin.php' (Add User) CSRF Vuln (To Server) S
HTTP MaDDash 2.0.2 - 'etc' Directory Listing S
HTTP MaDDash 2.0.2 - 'images' Directory Listing S
HTTP MaDDash 2.0.2 - 'lib' Directory Listing S
HTTP MaDDash 2.0.2 - 'style' Directory Listing S
HTTP ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution S
HTTP Mcard Mobile Card Selling Platform CMS CSRF Vuln (From Server) S
HTTP Mcard Mobile Card Selling Platform CMS CSRF Vuln (To Server) S
HTTP Microsoft Edge Chakra - Cross Context Use-After-Free S
HTTP Microsoft Edge Chakra JIT - BoundFunctionNewInstance Out-of-Bounds Read S
HTTP Microsoft Edge Chakra JIT - Out-of-Bounds ReadsWrites S
HTTP Mirasys DVMS Workstation 5.12.6 - Path Traversal S
HTTP MS Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions S
HTTP My Directory 'business' SQL Injection Vuln S
HTTP My Directory 'city' Cross Site Scripting Vuln S
HTTP mySurvey 'edit_live.php' SQL Injection Vuln S
HTTP mySurvey 'question.php' SQL Injection Vuln S
HTTP mySurvey 'statistic.php' SQL Injection Vuln S
HTTP Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) S
HTTP New STAR 'ajax.php' SQL Injection Vuln S
HTTP New STAR 'mouse_search' function Cross Site Scripting Vuln S
HTTP ntop-ng 3.4.180617 - Authentication Bypass S
HTTP nZEDb Cross Site Scripting Vuln S
HTTP OEcms 'info.php' Cross Site Scripting Vuln S
HTTP Online Trade - Information Disclosure S
HTTP Oracle WebCenter Sites Cross Site Scripting Vuln S
HTTP Oracle WebCenter Sites Cross Site Scripting Vuln_1 S
HTTP PHP Scripts Mall Facebook 'Change User Info' CSRF Vuln (From Server) S
HTTP PHP Scripts Mall Facebook 'Change User Info' CSRF Vuln (To Server) S
HTTP phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username) S
HTTP phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion S
HTTP Pie Register plugin for WordPress 'order' SQL Injection Vuln S
HTTP QNAP Qcenter Virtual Appliance - 'date config' Remote Command Execution S
HTTP QNAP Qcenter Virtual Appliance - 'network config' Remote Command Execution S
HTTP QNAP Qcenter Virtual Appliance - 'ssh settings' Remote Command Execution S
HTTP QNAP Qcenter Virtual Appliance - Admin Password Change S
HTTP QNAP Qcenter Virtual Appliance - Admin Password Disclosure S
HTTP Quest KACE Systems Management - Command Injection (Metasploit) S
HTTP RabbitMQ Web Management (Add Admin) CSRF Vuln (From Server) S
HTTP RabbitMQ Web Management (Add Admin) CSRF Vuln (To Server) S
HTTP SAP NetWeaver J2EE Engine 7.40 - SQL Injection S
HTTP SAT CFDI 'id' SQL Injection Vuln S
HTTP Schools Alert Management Script 'get_sec.php' SQL Injection Vuln S
HTTP Sharetronix CMS CSRF Vuln (From Server) S
HTTP Sharetronix CMS CSRF Vuln (To Server) S
HTTP ShopNx - Arbitrary File Upload S
HTTP Smartshop 'category.php' SQL Injection Vuln S
HTTP Smartshop 'product.php' SQL Injection Vuln S
HTTP Smartshop 'search.php' SQL Injection Vuln S
HTTP SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection S
HTTP SuperCom Online Shopping 'Update profile' CSRF Vuln (From Server) S
HTTP SuperCom Online Shopping 'Update profile' CSRF Vuln (To Server) S
HTTP Teradek Cube (Change Admin Password) CSRF Vuln (From Server) S
HTTP Teradek Cube (Change Admin Password) CSRF Vuln (To Server) S
HTTP Teradek Slice (Change Admin Password) CSRF Vuln (From Server) S
HTTP Teradek Slice (Change Admin Password) CSRF Vuln (To Server) S
HTTP Teradek VidiU Pro (Change Admin Password) CSRF Vuln (From Server) S
HTTP Teradek VidiU Pro (Change Admin Password) CSRF Vuln (To Server) S
HTTP Tor Browser 0.3.2.10 - Use After Free (PoC) S
HTTP Trend Micro ServerProtect - 'log_management.cgi' XSS S
HTTP Trend Micro ServerProtect - 'notification.cgi' XSS S
HTTP Trend Micro ServerProtect - 'update' CSRF S
HTTP Trend Micro ServerProtect - Unauthorised Update Server S
HTTP VMware NSX SD-WAN Edge 3.1.2 - 'dns' Command Injection S
HTTP VMware NSX SD-WAN Edge 3.1.2 - 'ping' Command Injection S
HTTP VMware NSX SD-WAN Edge 3.1.2 - 'traceroute' Command Injection S
HTTP WAGO e!DISPLAY 7300T - 'configtools.php' XSS S
HTTP WAGO e!DISPLAY 7300T - 'login.php' XSS S
HTTP WAGO e!DISPLAY 7300T - 'receive_upload.php' XSS S
HTTP WAGO e!DISPLAY 7300T - Remote Code Execution S
HTTP WAGO e!DISPLAY 7300T - Unrestricted File Upload S
HTTP WebKit - not_number defineProperties UAF (Metasploit) S
HTTP WebKitGTK+ 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit) S
HTTP Wecodex Hotel CMS 'Admin Login' SQL Injection Vuln S
HTTP Wecodex Library CMS 'username' SQL Injection Vuln S
HTTP Wecodex Restaurant CMS 'username' SQL Injection Vuln S
HTTP Wordpress 4.9.6 - 'delete' (Authenticated) Arbitrary File Deletion S
HTTP Wordpress 4.9.6 - 'editattachment' (Authenticated) Arbitrary File Deletion S
HTTP XATABoost CMS 'id' SQL Injection Vuln S
HTTP Zeta Producer Desktop CMS 14.2.0 - Local File Disclosure S
Malware GET Request Associated with Emotet Malware (misico.com) S
Malware GET Request Associated with Emotet Malware (www.ocyoungactors.com) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
