Traffic IQ Professional
Traffic File Update for August 2018
154 Application Exploits
FTP Core FTP 2.0 - 'XRMD' Denial of Service (PoC) S
HTTP Apache Struts CVE-2018-11776 Remote Code Execution S
HTTP ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass S
HTTP Auto Dealership and Vehicle Showroom WebSys 'setgeneral.php' CSRF Vuln (From Server) S
HTTP Auto Dealership and Vehicle Showroom WebSys 'setgeneral.php' CSRF Vuln (To Server) S
HTTP Auto Dealership and Vehicle Showroom WebSys 'updateprofile' CSRF Vuln (From Server) S
HTTP Auto Dealership and Vehicle Showroom WebSys 'updateprofile' CSRF Vuln (To Server) S
HTTP BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Behance Smartshop 'editprofile.php' CSRF Vuln (From Server) S
HTTP Behance Smartshop 'editprofile.php' CSRF Vuln (To Server) S
HTTP Cells Blog 'album.php' SQL Injection Vuln S
HTTP Cells Blog 'album.php' SQL Injection Vuln_1 S
HTTP Cells Blog 'fourm.php' SQL Injection Vuln S
HTTP Cells Blog 'fourm.php' SQL Injection Vuln_1 S
HTTP Cells Blog 'pub_openpic.php' SQL Injection Vuln S
HTTP Cells Blog 'pub_openpic.php' SQL Injection Vuln_1 S
HTTP Cells Blog 'pub_openpic.php' SQL Injection Vuln_2 S
HTTP Cells Blog 'pub_post.php' SQL Injection Vuln S
HTTP Cells Blog 'pub_post.php' SQL Injection Vuln_1 S
HTTP cgit 1.2.1 - Directory Traversal (Metasploit) S
HTTP Church Management System plugin for WordPress 'id' SQL Injection Vuln S
HTTP Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit) S
HTTP CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass) S
HTTP CodeCanyon Superfood 'setgeneral.php' CSRF Vuln (From Server) S
HTTP CodeCanyon Superfood 'setgeneral.php' CSRF Vuln (To Server) S
HTTP CodeCanyon Superfood 'updateprofile' CSRF Vuln (From Server) S
HTTP CodeCanyon Superfood 'updateprofile' CSRF Vuln (To Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln (From Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln (To Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln_1 (From Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln_1 (To Server) S
HTTP CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval S
HTTP D-link DAP-1360 - Cross-Site Scripting S
HTTP D-link DAP-1360 - Path Traversal S
HTTP EasyService Billing 'jobcard-ongoing.php' Cross Site Scripting Vuln S
HTTP EasyService Billing 'qsystem-settings-user-new2.php' CSRF Vuln (From Server) S
HTTP EasyService Billing 'qsystem-settings-user-new2.php' CSRF Vuln (To Server) S
HTTP EasyService Billing 'quotation-new3-new2.php' CSRF Vuln (From Server) S
HTTP EasyService Billing 'quotation-new3-new2.php' CSRF Vuln (To Server) S
HTTP Ecessa Apps (Add Superuser) CSRF Vuln (From Server) S
HTTP Ecessa Apps (Add Superuser) CSRF Vuln (To Server) S
HTTP EChat Server 3.1 - 'CHAT.ghp' Buffer Overflow S
HTTP Fastweb FASTgate 'status.cgi' CSRF Vuln (From Server) S
HTTP Fastweb FASTgate 'status.cgi' CSRF Vuln (To Server) S
HTTP FreePBX 13.0.35 - SQL Injection S
HTTP GeoVision GV-SNVR0811 - Directory Traversal S
HTTP GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC) S
HTTP Healwrite Online Pharmacy 'update-details-user' CSRF Vuln (From Server) S
HTTP Healwrite Online Pharmacy 'update-details-user' CSRF Vuln (To Server) S
HTTP Healwrite Online Pharmacy 'your profile' Cross Site Scripting Vuln S
HTTP HongCMS 'index.php' SQL Injection Vuln S
HTTP i-Net Solution Lending and Borrowing Script 'single-cause.php' SQL Injection Vuln S
HTTP i-Net Solution Multi Level Marketing 'event_detail.php' SQL Injection Vuln S
HTTP i-Net Solution Multi Level Marketing 'news_detail.php' SQL Injection Vuln S
HTTP i-Net Solution Multi Level Marketing 'service_detail.php' SQL Injection Vuln S
HTTP Intex Router N-150 (Add Admin) CSRF Vuln (From Server) S
HTTP Intex Router N-150 (Add Admin) CSRF Vuln (To Server) S
HTTP Jomres Component for Joomla! 'index.php' (Add User) CSRF Vuln (From Server) S
HTTP Jomres Component for Joomla! 'index.php' (Add User) CSRF Vuln (To Server) S
HTTP Joomla! Component EkRishta 'cid' SQL Injection Vuln S
HTTP Joomla! Component EkRishta 'username' SQL Injection Vuln S
HTTP Joomla! Component jCart for OpenCart (Change User Account Info) CSRF Vuln (From Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Account Info) CSRF Vuln (To Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Info) CSRF Vuln (From Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Info) CSRF Vuln (To Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Password) CSRF Vuln (From Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Password) CSRF Vuln (To Server) S
HTTP Joomla! Component JS Jobs (Delete Job Entry) CSRF Vuln (From Server) S
HTTP Joomla! Component JS Jobs (Delete Job Entry) CSRF Vuln (To Server) S
HTTP Listing Hub CMS 'blog_detail.php' SQL Injection Vuln S
HTTP Listing Hub CMS 'items.php' SQL Injection Vuln S
HTTP Listing Hub CMS 'listing_category.php' SQL Injection Vuln S
HTTP Listing Hub CMS 'listing_category.php' SQL Injection Vuln_1 S
HTTP Mediasoftpro ASP.NET jVideo Kit 'query' SQL Injection Vuln S
HTTP Metronet Tag Manager Plugin for WordPress 'users.php' CSRF Vuln (From Server) S
HTTP Metronet Tag Manager Plugin for WordPress 'users.php' CSRF Vuln (To Server) S
HTTP Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit) S
HTTP Micro Focus Secure Messaging Gateway (SMG) 471 - SQL Injection (Metasploit) S
HTTP Model Agency Media House and Model Gallery 'setgeneral.php' CSRF Vuln (From Server) S
HTTP Model Agency Media House and Model Gallery 'setgeneral.php' CSRF Vuln (To Server) S
HTTP Model Agency Media House and Model Gallery 'updateprofile' CSRF Vuln (From Server) S
HTTP Model Agency Media House and Model Gallery 'updateprofile' CSRF Vuln (To Server) S
HTTP Mojoomla WPAMS plugin for WordPress 'id' SQL Injection Vuln S
HTTP MSVOD 10 - 'cid' SQL Injection S
HTTP Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit) S
HTTP NewMark CMS 'sec_id' SQL Injection Vuln S
HTTP NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution S
HTTP Online Trade 1 - Information Disclosure S
HTTP Open-AuditIT Professional CSRF Vuln (From Server) S
HTTP Open-AuditIT Professional CSRF Vuln (To Server) S
HTTP Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit) S
HTTP Pagekit 1.0.13 - Cross-Site Scripting Code Generator S
HTTP PaulNews 'keyword' Cross Site Scripting Vuln S
HTTP PaulNews 'keyword' SQL Injection Vuln S
HTTP PHP Dashboards NEW 'user.php' SQL Injection Vuln S
HTTP php Real Estate Script 3 - Arbitrary File Disclosure S
HTTP PHP Scripts Mall Facebook Clone Script 'search' SQL Injection Vuln S
HTTP PHPBack 1.3.0 - SQL Injection S
HTTP PLC Wireless Router GPN2.4P21-C-CN - Denial of Service S
HTTP Progress Sitefinity 9.1 'realm' Open Redirect S
HTTP Progress Sitefinity 9.1 'ReturnUrl' Open Redirect S
HTTP Progress Sitefinity 9.1 PUT Cross Site Scripting S
HTTP QNAP Q'Center - 'change_passwd' Privilege Escalation (Metasploit) S
HTTP Relay Ajax Directory Manager relayb01-071706, 1.5.1, 1.5.3 - Unauthenticated File Upload S
HTTP Responsive Events And Movie Ticket Booking 'findcity.php' SQL Injection Vuln S
HTTP School Management System CMS 'username' SQL Injection Vuln S
HTTP School, Hospital and Gym Management System plugin for WordPress 'id' SQL Injection Vuln S
HTTP SearchBlox 'add user' CSRF Vuln (From Server) S
HTTP SearchBlox 'add user' CSRF Vuln (To Server) S
HTTP SITEMAKIN SLAC 'my_item_search' SQL Injection Vuln S
HTTP SMSmaster - SQL Injection S
HTTP SoftNAS Cloud 4.0.3 - OS Command Injection S
HTTP Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) S
HTTP Timber 'update user profile' CSRF Vuln (From Server) S
HTTP Timber 'update user profile' CSRF Vuln (To Server) S
HTTP Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass S
HTTP TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) S
HTTP TP-Link C50 Wireless Router 3 - DDNS Settings CSRF (Information Disclosure) S
HTTP TP-Link C50 Wireless Router 3 - Wireless Settings CSRF (Information Disclosure) S
HTTP Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass) S
HTTP userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting S
HTTP WampServer 'add_vhost.php' CSRF Vuln (From Server) S
HTTP WampServer 'add_vhost.php' CSRF Vuln (To Server) S
HTTP Windows Speech Recognition - Buffer Overflow (PoC) S
HTTP Wolf CMS 0.8.2 - Arbitrary File Upload Exploit (Metasploit) S
HTTP WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS S
HTTP WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload S
HTTP WordPress Plugin Events Calendar 'month' SQL Injection Vuln S
HTTP WordPress Plugin Events Calendar 'year' SQL Injection Vuln S
HTTP WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit) S
HTTP WordPress Plugin Ultimate Form Builder Lite 'admin-ajax.php' SQL Injection Vuln S
HTTP WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation S
HTTP WP Google Maps plugin for WordPress 'order' SQL Injection Vuln S
HTTP WP Google Maps plugin for WordPress 'orderby' SQL Injection Vuln S
HTTP Zechat 'data_settings.php' CSRF Vuln (From Server) S
HTTP Zechat 'data_settings.php' CSRF Vuln (To Server) S
HTTP Zechat 'hashtag' SQL Injection Vuln S
HTTP Zechat 'v' SQL Injection Vuln S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_1 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_10 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_2 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_3 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_4 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_5 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_6 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_7 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_8 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_9 S
Malware GET Request Associated with Hermes Malware (209.141.59.124) Attempt S
Malware POST Request Associated with AZORult Malware (briancobert.com) Attempt S
OpenSSH 2.3 - 7.7 - Username Enumeration PoC (CVE-2018-15473) S
Phoenix Contact ILC 150 ETH PLC Remote Control Script S