Traffic IQ Professional
Traffic File Update for February 2019
190 Application Exploits
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass) S
HTTP Access Manager Unauthenticated Insecure Direct Object Reference (IDOR) S
HTTP Across DR-810 ROM-0 - Backup File Disclosure S
HTTP AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery (From Server) S
HTTP AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery (To Server) S
HTTP AudioCode 400HD - Command Injection S
HTTP BlogEngine 3.3 - XML External Entity Injection S
HTTP CentOS Web Panel 0.9.8.740 - 'Change Root Password' Cross Site Scripting S
HTTP Chat2 'userid' - Cross Site Scripting S
HTTP Chat2 'userid' - SQL Injection S
HTTP Comodo Dome Firewall 'ADMIN_MAIL_ADDRESS' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'admin_name' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'BACKUP_RCPTTO' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'CACHE_MEM' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'comment' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'destination' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'destination' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'device' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'FWADDRESSES' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'GATEWAY_GREEN' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'ID' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'ID' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'mac' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'MACADDRESSES' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'MAX_SIZE' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'MIN_SIZE' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'netmask_addr' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'newLicense' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'NTP_SERVER_LIST' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'organization' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'port' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'protocol' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'PROXY_PORT' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'remark' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'remark' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'SCHNAME' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'snat_to_ip' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'source' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'target' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'target' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'username' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'VISIBLE_HOSTNAME' Cross Site Scripting Vuln S
HTTP Coship Wireless Router 4.0.0.48 - 10.0.0.49 - Unauth Admin Password Reset (From Server) S
HTTP Coship Wireless Router 4.0.0.48 - 10.0.0.49 - Unauth Admin Password Reset (To Server) S
HTTP Dolibarr ERP-CRM 'rowid' SQL Injection Vuln S
HTTP doorGets CMS 'download.php' Arbitrary File Download S
HTTP E-Negosyo System 1.0 - 'category' SQL Injection S
HTTP E-Negosyo System 1.0 - 'single-item' SQL Injection S
HTTP E-Negosyo System 1.0 - 'view' SQL Injection S
HTTP eBrigade ERP 4.5 - Arbitrary File Download S
HTTP Embed Video Scripts comment section Cross Site Scripting Vuln S
HTTP Event Calendar 'id' SQL Injection Vuln S
HTTP Find A Place CMS Directory 1.5 SQL Injection S
HTTP Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution S
HTTP FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure S
HTTP GL-AR300M-Lite 2.27 - 'timezone' Authenticated Command Injection S
HTTP GL-AR300M-Lite 2.27 - 'update_time' Authenticated Command Injection S
HTTP GL-AR300M-Lite 2.27 - Arbitrary File Download S
HTTP GL-AR300M-Lite 2.27 - Path Traversal S
HTTP Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length S
HTTP Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC) S
HTTP GreenCMS 'cat' SQL Injection Vuln S
HTTP GreenCMS 2.x - Arbitrary Directory Download S
HTTP GreenCMS 2.x - Arbitrary File Download S
HTTP HasanMWB 1.0 - 'category' SQL Injection S
HTTP HasanMWB 1.0 - 'page' SQL Injection S
HTTP HasanMWB 1.0 - 'search' SQL Injection S
HTTP HealthNode Hospital Management System 'email.php' SQL Injection Vuln S
HTTP HealthNode Hospital Management System 'info.php' SQL Injection Vuln S
HTTP HealthNode Hospital Management System 'patientdetails.php' SQL Injection Vuln S
HTTP HealthNode Hospital Management System 'username' SQL Injection Vuln S
HTTP HP Intelligent Management - Java Deserialization RCE (Metasploit) S
HTTP Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS) S
HTTP Hucart CMS (Add Admin Account) CSRF Vuln (From Server) S
HTTP Hucart CMS (Add Admin Account) CSRF Vuln (To Server) S
HTTP i-doit CMDB 'index.php' Arbitrary File Download S
HTTP i-doit CMDB 'objGroupID' SQL Injection Vuln S
HTTP Icon Time Systems RTC-100 'employee.html' Cross Site Scripting Vuln S
HTTP Jinja2 2.10 - 'from_string' Server Side Template Injection Information Disclosure S
HTTP Jinja2 2.10 - 'from_string' Server Side Template Injection Reverse Shell S
HTTP Job Portal Platform 'blog_id' SQL Injection Vuln S
HTTP Job Portal Platform 'job_id' SQL Injection Vuln S
HTTP Joomla Component Ek Rishta 2.10 - SQL Injection S
HTTP Joomla! Component Easy Shop 1.2.3 - Local File Inclusion S
HTTP Joomla! Component JoomCRM 'association_id' SQL Injection Vuln S
HTTP Joomla! Component JoomCRM 'deal_id' SQL Injection Vuln S
HTTP Joomla! Component JoomProject 1.1.3.2 - Information Disclosure S
HTTP Joomla! Component vAccount 'vid' SQL Injection Vuln S
HTTP Joomla! Component vBizz 'payid' SQL Injection Vuln S
HTTP Joomla! Component vBizz 1.0.7 - Remote Code Execution S
HTTP Joomla! Component vReview 'cmId' SQL Injection Vuln S
HTTP Joomla! Component vReview 'profileid' SQL Injection Vuln S
HTTP Joomla! Component vWishlist 'userid' SQL Injection Vuln S
HTTP Joomla! Component vWishlist 'vproductid' SQL Injection Vuln S
HTTP Joomla! Core Multiple HTML Injection Vulnerabilities S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - CSRF (From Server) S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - CSRF (To Server) S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - JSHTML Code Injection (From Server) S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - JSHTML Code Injection (To Server) S
HTTP Lenovo R2105 - Cross-Site Request Forgery (Command Execution) (From Server) S
HTTP Lenovo R2105 - Cross-Site Request Forgery (Command Execution) (To Server) S
HTTP Mailcleaner - Authenticated Remote Code Execution (Metasploit) S
HTTP Matrix MLM Script 1.0 - Information Disclosure S
HTTP Mess Management System 'index.php' SQL Injection Vuln S
HTTP Mess Management System 'index.php' SQL Injection Vuln_1 S
HTTP Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference S
HTTP Microsoft Edge Chakra - 'InitClass' Type Confusion S
HTTP Microsoft Edge Chakra - 'InitProto' Type Confusion S
HTTP Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion S
HTTP Microsoft Edge Chakra - 'NewScObjectNoCtor' Type Confusion S
HTTP mIRC 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution S
HTTP MLMPro 'activateadmin.php' SQL Injection Vuln S
HTTP MLMPro 'deleteadmin.php' SQL Injection Vuln S
HTTP MLMPro 'deletepin.php' SQL Injection Vuln S
HTTP MLMPro 'login.php' SQL Injection Vuln S
HTTP MLMPro 'mailid' SQL Injection Vuln S
HTTP Modern POS 'field' SQL Injection Vuln S
HTTP Modern POS 'query_string' SQL Injection Vuln S
HTTP MoneyFlux Cashflow Management System 'id' SQL Injection Vuln S
HTTP MPS Box 'device_add.php' Arbitrary File Upload Vuln (From Server) S
HTTP MPS Box 'device_add.php' Arbitrary File Upload Vuln (To Server) S
HTTP MS Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObjectInjectJsBuiltInLibraryCode' UAF S
HTTP MyT Project Management 'Charge[group_total]' SQL Injection Vuln S
HTTP Newsbull Haber Script 'search' SQL Injection Vuln S
HTTP OpenSource ERP 'query' SQL Injection Vuln S
HTTP Oracle Reports Developer CVE-2019-2413 Remote Security Vulnerability S
HTTP OUGC Awards 'reason' Cross Site Scripting Vuln S
HTTP ownDMS 'IMG' SQL Injection Vuln S
HTTP ownDMS 'IMG' SQL Injection Vuln_1 S
HTTP ownDMS 'IMG' SQL Injection Vuln_2 S
HTTP ownDMS 'showfordoc' SQL Injection Vuln S
HTTP PHP Dashboards NEW 'dashID' SQL Injection Vuln S
HTTP PHP Dashboards NEW 5.8 - Local File Inclusion S
HTTP PHP Uber-style GeoTracking 'index.php' SQL Injection Vuln S
HTTP PHP Uber-style GeoTracking 'index.php' SQL Injection Vuln_1 S
HTTP PHP Uber-style GeoTracking 'index.php' SQL Injection Vuln_2 S
HTTP phpMoAdmin MongoDB GUI 'moadmin.php' Cross Site Scripting Vuln S
HTTP phpMoAdmin MongoDB GUI 'moadmin.php' Cross Site Scripting Vuln_1 S
HTTP phpMoAdmin MongoDB GUI 'moadmin.php' Cross Site Scripting Vuln_2 S
HTTP phptpoint Pharmacy Management System 1.0 - 'username' SQL injection S
HTTP phpTransformer 'idnews' SQL Injection Vuln S
HTTP phpTransformer 'path' Directory Traversal Vuln S
HTTP PlayJoom 0.10.1 - 'catid' SQL Injection S
HTTP Real Estate Custom Script 'filter_area' SQL Injection Vuln S
HTTP Real Estate Custom Script 'filter_range' SQL Injection Vuln S
HTTP Real Estate Custom Script 'property_id' SQL Injection Vuln S
HTTP Reservic 'id' SQL Injection Vuln S
HTTP ResourceSpace 'collection_edit.php' SQL Injection Vuln S
HTTP Roxy Fileman 'copydir.php' Directory Traversal Vuln S
HTTP Roxy Fileman 'copyfile.php' Directory Traversal Vuln S
HTTP Roxy Fileman 'fileslist.php' Directory Traversal Vuln S
HTTP Roxy Fileman 1.4.5 - Arbitrary File Download S
HTTP SeoToaster Ecommerce CRM CMS 3.0.0 - 'getcss' Local File Inclusion S
HTTP SeoToaster Ecommerce CRM CMS 3.0.0 - 'getjs' Local File Inclusion S
HTTP Shield CMS 'email' SQL Injection Vuln S
HTTP Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection S
HTTP Teameyo Project Management System 'email' SQL Injection Vuln S
HTTP Teameyo Project Management System 'milestone_id' SQL Injection Vuln S
HTTP Teameyo Project Management System 'project_id' SQL Injection Vuln S
HTTP Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) (From Server) S
HTTP Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) (To Server) S
HTTP Tourism Website Blog - 'acc_id' SQL Injection S
HTTP Tourism Website Blog - 'address' SQL Injection S
HTTP Tourism Website Blog - 'category' SQL Injection S
HTTP Tourism Website Blog - Remote Code Execution S
HTTP Twilio WEB To Fax Machine System Application PHP Script 'password' SQL Injection Vuln S
HTTP User IP History Logs plugin for MyBB 'useragent' Cross Site Scripting Vuln S
HTTP WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free S
HTTP WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download S
HTTP WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection S
HTTP Wordpress Plugin UserPro 4.9.21 - User Registration Privilege Escalation S
HTTP Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing S
HTTP Zoho ManageEngine ServiceDesk Plus CVE-2019-8394 Arbitrary File Upload Vulnerability S
HTTP ZTE MF65 and MF65M1 'cmd' Cross Site Scripting Vuln S
HTTP Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery (From Server) S
HTTP Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery (To Server) S
Indusoft Web Studio 8.1 SP2 - Remote Code Execution S
Malware DNS Request Linked to Emotet Infection with IcedID (beyondbathroomsandplumbing.co.uk) S
Malware DNS Request Linked to Emotet Infection with IcedID (combarret.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (decretery.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (desaercsed.fun) S
Malware DNS Request Linked to Emotet Infection with IcedID (exeterol.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (jirovided.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (kepleted.pw) S
Malware DNS Request Linked to Emotet Infection with IcedID (olderivers.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (possils.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (simrahsoftware.com) S
Malware DNS Request Linked to Emotet Infection with IcedID (stronour.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (tfihsdnema.fun) S
Malware DNS Request Linked to Emotet Infection with IcedID (ygrenevresed.fun) S