Search

Traffic File Update - August 2018

This Traffic IQ Professional update for August 2018 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for August 2018

154 Application Exploits

FTP Core FTP 2.0 - 'XRMD' Denial of Service (PoC) S
HTTP Apache Struts CVE-2018-11776 Remote Code Execution S
HTTP ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass S
HTTP Auto Dealership and Vehicle Showroom WebSys 'setgeneral.php' CSRF Vuln (From Server) S
HTTP Auto Dealership and Vehicle Showroom WebSys 'setgeneral.php' CSRF Vuln (To Server) S
HTTP Auto Dealership and Vehicle Showroom WebSys 'updateprofile' CSRF Vuln (From Server) S
HTTP Auto Dealership and Vehicle Showroom WebSys 'updateprofile' CSRF Vuln (To Server) S
HTTP BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Behance Smartshop 'editprofile.php' CSRF Vuln (From Server) S
HTTP Behance Smartshop 'editprofile.php' CSRF Vuln (To Server) S
HTTP Cells Blog 'album.php' SQL Injection Vuln S
HTTP Cells Blog 'album.php' SQL Injection Vuln_1 S
HTTP Cells Blog 'fourm.php' SQL Injection Vuln S
HTTP Cells Blog 'fourm.php' SQL Injection Vuln_1 S
HTTP Cells Blog 'pub_openpic.php' SQL Injection Vuln S
HTTP Cells Blog 'pub_openpic.php' SQL Injection Vuln_1 S
HTTP Cells Blog 'pub_openpic.php' SQL Injection Vuln_2 S
HTTP Cells Blog 'pub_post.php' SQL Injection Vuln S
HTTP Cells Blog 'pub_post.php' SQL Injection Vuln_1 S
HTTP cgit 1.2.1 - Directory Traversal (Metasploit) S
HTTP Church Management System plugin for WordPress 'id' SQL Injection Vuln S
HTTP Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit) S
HTTP CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass) S
HTTP CodeCanyon Superfood 'setgeneral.php' CSRF Vuln (From Server) S
HTTP CodeCanyon Superfood 'setgeneral.php' CSRF Vuln (To Server) S
HTTP CodeCanyon Superfood 'updateprofile' CSRF Vuln (From Server) S
HTTP CodeCanyon Superfood 'updateprofile' CSRF Vuln (To Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln (From Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln (To Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln_1 (From Server) S
HTTP Contact Form Maker Plugin for WordPress 'admin-ajax.php' SQL Inj Vuln_1 (To Server) S
HTTP CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval S
HTTP D-link DAP-1360 - Cross-Site Scripting S
HTTP D-link DAP-1360 - Path Traversal S
HTTP EasyService Billing 'jobcard-ongoing.php' Cross Site Scripting Vuln S
HTTP EasyService Billing 'qsystem-settings-user-new2.php' CSRF Vuln (From Server) S
HTTP EasyService Billing 'qsystem-settings-user-new2.php' CSRF Vuln (To Server) S
HTTP EasyService Billing 'quotation-new3-new2.php' CSRF Vuln (From Server) S
HTTP EasyService Billing 'quotation-new3-new2.php' CSRF Vuln (To Server) S
HTTP Ecessa Apps (Add Superuser) CSRF Vuln (From Server) S
HTTP Ecessa Apps (Add Superuser) CSRF Vuln (To Server) S
HTTP EChat Server 3.1 - 'CHAT.ghp' Buffer Overflow S
HTTP Fastweb FASTgate 'status.cgi' CSRF Vuln (From Server) S
HTTP Fastweb FASTgate 'status.cgi' CSRF Vuln (To Server) S
HTTP FreePBX 13.0.35 - SQL Injection S
HTTP GeoVision GV-SNVR0811 - Directory Traversal S
HTTP GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC) S
HTTP Healwrite Online Pharmacy 'update-details-user' CSRF Vuln (From Server) S
HTTP Healwrite Online Pharmacy 'update-details-user' CSRF Vuln (To Server) S
HTTP Healwrite Online Pharmacy 'your profile' Cross Site Scripting Vuln S
HTTP HongCMS 'index.php' SQL Injection Vuln S
HTTP i-Net Solution Lending and Borrowing Script 'single-cause.php' SQL Injection Vuln S
HTTP i-Net Solution Multi Level Marketing 'event_detail.php' SQL Injection Vuln S
HTTP i-Net Solution Multi Level Marketing 'news_detail.php' SQL Injection Vuln S
HTTP i-Net Solution Multi Level Marketing 'service_detail.php' SQL Injection Vuln S
HTTP Intex Router N-150 (Add Admin) CSRF Vuln (From Server) S
HTTP Intex Router N-150 (Add Admin) CSRF Vuln (To Server) S
HTTP Jomres Component for Joomla! 'index.php' (Add User) CSRF Vuln (From Server) S
HTTP Jomres Component for Joomla! 'index.php' (Add User) CSRF Vuln (To Server) S
HTTP Joomla! Component EkRishta 'cid' SQL Injection Vuln S
HTTP Joomla! Component EkRishta 'username' SQL Injection Vuln S
HTTP Joomla! Component jCart for OpenCart (Change User Account Info) CSRF Vuln (From Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Account Info) CSRF Vuln (To Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Info) CSRF Vuln (From Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Info) CSRF Vuln (To Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Password) CSRF Vuln (From Server) S
HTTP Joomla! Component jCart for OpenCart (Change User Password) CSRF Vuln (To Server) S
HTTP Joomla! Component JS Jobs (Delete Job Entry) CSRF Vuln (From Server) S
HTTP Joomla! Component JS Jobs (Delete Job Entry) CSRF Vuln (To Server) S
HTTP Listing Hub CMS 'blog_detail.php' SQL Injection Vuln S
HTTP Listing Hub CMS 'items.php' SQL Injection Vuln S
HTTP Listing Hub CMS 'listing_category.php' SQL Injection Vuln S
HTTP Listing Hub CMS 'listing_category.php' SQL Injection Vuln_1 S
HTTP Mediasoftpro ASP.NET jVideo Kit 'query' SQL Injection Vuln S
HTTP Metronet Tag Manager Plugin for WordPress 'users.php' CSRF Vuln (From Server) S
HTTP Metronet Tag Manager Plugin for WordPress 'users.php' CSRF Vuln (To Server) S
HTTP Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit) S
HTTP Micro Focus Secure Messaging Gateway (SMG) 471 - SQL Injection (Metasploit) S
HTTP Model Agency Media House and Model Gallery 'setgeneral.php' CSRF Vuln (From Server) S
HTTP Model Agency Media House and Model Gallery 'setgeneral.php' CSRF Vuln (To Server) S
HTTP Model Agency Media House and Model Gallery 'updateprofile' CSRF Vuln (From Server) S
HTTP Model Agency Media House and Model Gallery 'updateprofile' CSRF Vuln (To Server) S
HTTP Mojoomla WPAMS plugin for WordPress 'id' SQL Injection Vuln S
HTTP MSVOD 10 - 'cid' SQL Injection S
HTTP Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit) S
HTTP NewMark CMS 'sec_id' SQL Injection Vuln S
HTTP NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution S
HTTP Online Trade 1 - Information Disclosure S
HTTP Open-AuditIT Professional CSRF Vuln (From Server) S
HTTP Open-AuditIT Professional CSRF Vuln (To Server) S
HTTP Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit) S
HTTP Pagekit 1.0.13 - Cross-Site Scripting Code Generator S
HTTP PaulNews 'keyword' Cross Site Scripting Vuln S
HTTP PaulNews 'keyword' SQL Injection Vuln S
HTTP PHP Dashboards NEW 'user.php' SQL Injection Vuln S
HTTP php Real Estate Script 3 - Arbitrary File Disclosure S
HTTP PHP Scripts Mall Facebook Clone Script 'search' SQL Injection Vuln S
HTTP PHPBack 1.3.0 - SQL Injection S
HTTP PLC Wireless Router GPN2.4P21-C-CN - Denial of Service S
HTTP Progress Sitefinity 9.1 'realm' Open Redirect S
HTTP Progress Sitefinity 9.1 'ReturnUrl' Open Redirect S
HTTP Progress Sitefinity 9.1 PUT Cross Site Scripting S
HTTP QNAP Q'Center - 'change_passwd' Privilege Escalation (Metasploit) S
HTTP Relay Ajax Directory Manager relayb01-071706, 1.5.1, 1.5.3 - Unauthenticated File Upload S
HTTP Responsive Events And Movie Ticket Booking 'findcity.php' SQL Injection Vuln S
HTTP School Management System CMS 'username' SQL Injection Vuln S
HTTP School, Hospital and Gym Management System plugin for WordPress 'id' SQL Injection Vuln S
HTTP SearchBlox 'add user' CSRF Vuln (From Server) S
HTTP SearchBlox 'add user' CSRF Vuln (To Server) S
HTTP SITEMAKIN SLAC 'my_item_search' SQL Injection Vuln S
HTTP SMSmaster - SQL Injection S
HTTP SoftNAS Cloud 4.0.3 - OS Command Injection S
HTTP Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) S
HTTP Timber 'update user profile' CSRF Vuln (From Server) S
HTTP Timber 'update user profile' CSRF Vuln (To Server) S
HTTP Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass S
HTTP TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) S
HTTP TP-Link C50 Wireless Router 3 - DDNS Settings CSRF (Information Disclosure) S
HTTP TP-Link C50 Wireless Router 3 - Wireless Settings CSRF (Information Disclosure) S
HTTP Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass) S
HTTP userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting S
HTTP WampServer 'add_vhost.php' CSRF Vuln (From Server) S
HTTP WampServer 'add_vhost.php' CSRF Vuln (To Server) S
HTTP Windows Speech Recognition - Buffer Overflow (PoC) S
HTTP Wolf CMS 0.8.2 - Arbitrary File Upload Exploit (Metasploit) S
HTTP WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS S
HTTP WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload S
HTTP WordPress Plugin Events Calendar 'month' SQL Injection Vuln S
HTTP WordPress Plugin Events Calendar 'year' SQL Injection Vuln S
HTTP WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit) S
HTTP WordPress Plugin Ultimate Form Builder Lite 'admin-ajax.php' SQL Injection Vuln S
HTTP WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation S
HTTP WP Google Maps plugin for WordPress 'order' SQL Injection Vuln S
HTTP WP Google Maps plugin for WordPress 'orderby' SQL Injection Vuln S
HTTP Zechat 'data_settings.php' CSRF Vuln (From Server) S
HTTP Zechat 'data_settings.php' CSRF Vuln (To Server) S
HTTP Zechat 'hashtag' SQL Injection Vuln S
HTTP Zechat 'v' SQL Injection Vuln S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_1 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_10 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_2 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_3 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_4 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_5 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_6 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_7 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_8 S
HTTP ZUUSE BEIMS ContractorWeb .NET 'CWEBNET WOSummaryList' SQL Injection Vuln_9 S
Malware GET Request Associated with Hermes Malware (209.141.59.124) Attempt S
Malware POST Request Associated with AZORult Malware (briancobert.com) Attempt S
OpenSSH 2.3 - 7.7 - Username Enumeration PoC (CVE-2018-15473) S
Phoenix Contact ILC 150 ETH PLC Remote Control Script S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.