Search

Traffic File Update - February 2019

This Traffic IQ Professional update for February 2019 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for February 2019

190 Application Exploits

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass) S
HTTP Access Manager Unauthenticated Insecure Direct Object Reference (IDOR) S
HTTP Across DR-810 ROM-0 - Backup File Disclosure S
HTTP AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery (From Server) S
HTTP AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery (To Server) S
HTTP AudioCode 400HD - Command Injection S
HTTP BlogEngine 3.3 - XML External Entity Injection S
HTTP CentOS Web Panel 0.9.8.740 - 'Change Root Password' Cross Site Scripting S
HTTP Chat2 'userid' - Cross Site Scripting S
HTTP Chat2 'userid' - SQL Injection S
HTTP Comodo Dome Firewall 'ADMIN_MAIL_ADDRESS' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'admin_name' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'BACKUP_RCPTTO' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'CACHE_MEM' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'comment' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'destination' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'destination' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'device' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'FWADDRESSES' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'GATEWAY_GREEN' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'ID' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'ID' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'mac' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'MACADDRESSES' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'MAX_SIZE' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'MIN_SIZE' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'netmask_addr' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'newLicense' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'NTP_SERVER_LIST' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'organization' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'port' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'protocol' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'PROXY_PORT' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'remark' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'remark' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'SCHNAME' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'snat_to_ip' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'source' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'target' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'target' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'username' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'VISIBLE_HOSTNAME' Cross Site Scripting Vuln S
HTTP Coship Wireless Router 4.0.0.48 - 10.0.0.49 - Unauth Admin Password Reset (From Server) S
HTTP Coship Wireless Router 4.0.0.48 - 10.0.0.49 - Unauth Admin Password Reset (To Server) S
HTTP Dolibarr ERP-CRM 'rowid' SQL Injection Vuln S
HTTP doorGets CMS 'download.php' Arbitrary File Download S
HTTP E-Negosyo System 1.0 - 'category' SQL Injection S
HTTP E-Negosyo System 1.0 - 'single-item' SQL Injection S
HTTP E-Negosyo System 1.0 - 'view' SQL Injection S
HTTP eBrigade ERP 4.5 - Arbitrary File Download S
HTTP Embed Video Scripts comment section Cross Site Scripting Vuln S
HTTP Event Calendar 'id' SQL Injection Vuln S
HTTP Find A Place CMS Directory 1.5 SQL Injection S
HTTP Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution S
HTTP FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure S
HTTP GL-AR300M-Lite 2.27 - 'timezone' Authenticated Command Injection S
HTTP GL-AR300M-Lite 2.27 - 'update_time' Authenticated Command Injection S
HTTP GL-AR300M-Lite 2.27 - Arbitrary File Download S
HTTP GL-AR300M-Lite 2.27 - Path Traversal S
HTTP Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length S
HTTP Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC) S
HTTP GreenCMS 'cat' SQL Injection Vuln S
HTTP GreenCMS 2.x - Arbitrary Directory Download S
HTTP GreenCMS 2.x - Arbitrary File Download S
HTTP HasanMWB 1.0 - 'category' SQL Injection S
HTTP HasanMWB 1.0 - 'page' SQL Injection S
HTTP HasanMWB 1.0 - 'search' SQL Injection S
HTTP HealthNode Hospital Management System 'email.php' SQL Injection Vuln S
HTTP HealthNode Hospital Management System 'info.php' SQL Injection Vuln S
HTTP HealthNode Hospital Management System 'patientdetails.php' SQL Injection Vuln S
HTTP HealthNode Hospital Management System 'username' SQL Injection Vuln S
HTTP HP Intelligent Management - Java Deserialization RCE (Metasploit) S
HTTP Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS) S
HTTP Hucart CMS (Add Admin Account) CSRF Vuln (From Server) S
HTTP Hucart CMS (Add Admin Account) CSRF Vuln (To Server) S
HTTP i-doit CMDB 'index.php' Arbitrary File Download S
HTTP i-doit CMDB 'objGroupID' SQL Injection Vuln S
HTTP Icon Time Systems RTC-100 'employee.html' Cross Site Scripting Vuln S
HTTP Jinja2 2.10 - 'from_string' Server Side Template Injection Information Disclosure S
HTTP Jinja2 2.10 - 'from_string' Server Side Template Injection Reverse Shell S
HTTP Job Portal Platform 'blog_id' SQL Injection Vuln S
HTTP Job Portal Platform 'job_id' SQL Injection Vuln S
HTTP Joomla Component Ek Rishta 2.10 - SQL Injection S
HTTP Joomla! Component Easy Shop 1.2.3 - Local File Inclusion S
HTTP Joomla! Component JoomCRM 'association_id' SQL Injection Vuln S
HTTP Joomla! Component JoomCRM 'deal_id' SQL Injection Vuln S
HTTP Joomla! Component JoomProject 1.1.3.2 - Information Disclosure S
HTTP Joomla! Component vAccount 'vid' SQL Injection Vuln S
HTTP Joomla! Component vBizz 'payid' SQL Injection Vuln S
HTTP Joomla! Component vBizz 1.0.7 - Remote Code Execution S
HTTP Joomla! Component vReview 'cmId' SQL Injection Vuln S
HTTP Joomla! Component vReview 'profileid' SQL Injection Vuln S
HTTP Joomla! Component vWishlist 'userid' SQL Injection Vuln S
HTTP Joomla! Component vWishlist 'vproductid' SQL Injection Vuln S
HTTP Joomla! Core Multiple HTML Injection Vulnerabilities S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - CSRF (From Server) S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - CSRF (To Server) S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - JSHTML Code Injection (From Server) S
HTTP Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - JSHTML Code Injection (To Server) S
HTTP Lenovo R2105 - Cross-Site Request Forgery (Command Execution) (From Server) S
HTTP Lenovo R2105 - Cross-Site Request Forgery (Command Execution) (To Server) S
HTTP Mailcleaner - Authenticated Remote Code Execution (Metasploit) S
HTTP Matrix MLM Script 1.0 - Information Disclosure S
HTTP Mess Management System 'index.php' SQL Injection Vuln S
HTTP Mess Management System 'index.php' SQL Injection Vuln_1 S
HTTP Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference S
HTTP Microsoft Edge Chakra - 'InitClass' Type Confusion S
HTTP Microsoft Edge Chakra - 'InitProto' Type Confusion S
HTTP Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion S
HTTP Microsoft Edge Chakra - 'NewScObjectNoCtor' Type Confusion S
HTTP mIRC 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution S
HTTP MLMPro 'activateadmin.php' SQL Injection Vuln S
HTTP MLMPro 'deleteadmin.php' SQL Injection Vuln S
HTTP MLMPro 'deletepin.php' SQL Injection Vuln S
HTTP MLMPro 'login.php' SQL Injection Vuln S
HTTP MLMPro 'mailid' SQL Injection Vuln S
HTTP Modern POS 'field' SQL Injection Vuln S
HTTP Modern POS 'query_string' SQL Injection Vuln S
HTTP MoneyFlux Cashflow Management System 'id' SQL Injection Vuln S
HTTP MPS Box 'device_add.php' Arbitrary File Upload Vuln (From Server) S
HTTP MPS Box 'device_add.php' Arbitrary File Upload Vuln (To Server) S
HTTP MS Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObjectInjectJsBuiltInLibraryCode' UAF S
HTTP MyT Project Management 'Charge[group_total]' SQL Injection Vuln S
HTTP Newsbull Haber Script 'search' SQL Injection Vuln S
HTTP OpenSource ERP 'query' SQL Injection Vuln S
HTTP Oracle Reports Developer CVE-2019-2413 Remote Security Vulnerability S
HTTP OUGC Awards 'reason' Cross Site Scripting Vuln S
HTTP ownDMS 'IMG' SQL Injection Vuln S
HTTP ownDMS 'IMG' SQL Injection Vuln_1 S
HTTP ownDMS 'IMG' SQL Injection Vuln_2 S
HTTP ownDMS 'showfordoc' SQL Injection Vuln S
HTTP PHP Dashboards NEW 'dashID' SQL Injection Vuln S
HTTP PHP Dashboards NEW 5.8 - Local File Inclusion S
HTTP PHP Uber-style GeoTracking 'index.php' SQL Injection Vuln S
HTTP PHP Uber-style GeoTracking 'index.php' SQL Injection Vuln_1 S
HTTP PHP Uber-style GeoTracking 'index.php' SQL Injection Vuln_2 S
HTTP phpMoAdmin MongoDB GUI 'moadmin.php' Cross Site Scripting Vuln S
HTTP phpMoAdmin MongoDB GUI 'moadmin.php' Cross Site Scripting Vuln_1 S
HTTP phpMoAdmin MongoDB GUI 'moadmin.php' Cross Site Scripting Vuln_2 S
HTTP phptpoint Pharmacy Management System 1.0 - 'username' SQL injection S
HTTP phpTransformer 'idnews' SQL Injection Vuln S
HTTP phpTransformer 'path' Directory Traversal Vuln S
HTTP PlayJoom 0.10.1 - 'catid' SQL Injection S
HTTP Real Estate Custom Script 'filter_area' SQL Injection Vuln S
HTTP Real Estate Custom Script 'filter_range' SQL Injection Vuln S
HTTP Real Estate Custom Script 'property_id' SQL Injection Vuln S
HTTP Reservic 'id' SQL Injection Vuln S
HTTP ResourceSpace 'collection_edit.php' SQL Injection Vuln S
HTTP Roxy Fileman 'copydir.php' Directory Traversal Vuln S
HTTP Roxy Fileman 'copyfile.php' Directory Traversal Vuln S
HTTP Roxy Fileman 'fileslist.php' Directory Traversal Vuln S
HTTP Roxy Fileman 1.4.5 - Arbitrary File Download S
HTTP SeoToaster Ecommerce CRM CMS 3.0.0 - 'getcss' Local File Inclusion S
HTTP SeoToaster Ecommerce CRM CMS 3.0.0 - 'getjs' Local File Inclusion S
HTTP Shield CMS 'email' SQL Injection Vuln S
HTTP Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection S
HTTP Teameyo Project Management System 'email' SQL Injection Vuln S
HTTP Teameyo Project Management System 'milestone_id' SQL Injection Vuln S
HTTP Teameyo Project Management System 'project_id' SQL Injection Vuln S
HTTP Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) (From Server) S
HTTP Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) (To Server) S
HTTP Tourism Website Blog - 'acc_id' SQL Injection S
HTTP Tourism Website Blog - 'address' SQL Injection S
HTTP Tourism Website Blog - 'category' SQL Injection S
HTTP Tourism Website Blog - Remote Code Execution S
HTTP Twilio WEB To Fax Machine System Application PHP Script 'password' SQL Injection Vuln S
HTTP User IP History Logs plugin for MyBB 'useragent' Cross Site Scripting Vuln S
HTTP WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free S
HTTP WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download S
HTTP WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection S
HTTP Wordpress Plugin UserPro 4.9.21 - User Registration Privilege Escalation S
HTTP Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing S
HTTP Zoho ManageEngine ServiceDesk Plus CVE-2019-8394 Arbitrary File Upload Vulnerability S
HTTP ZTE MF65 and MF65M1 'cmd' Cross Site Scripting Vuln S
HTTP Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery (From Server) S
HTTP Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery (To Server) S
Indusoft Web Studio 8.1 SP2 - Remote Code Execution S
Malware DNS Request Linked to Emotet Infection with IcedID (beyondbathroomsandplumbing.co.uk) S
Malware DNS Request Linked to Emotet Infection with IcedID (combarret.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (decretery.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (desaercsed.fun) S
Malware DNS Request Linked to Emotet Infection with IcedID (exeterol.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (jirovided.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (kepleted.pw) S
Malware DNS Request Linked to Emotet Infection with IcedID (olderivers.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (possils.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (simrahsoftware.com) S
Malware DNS Request Linked to Emotet Infection with IcedID (stronour.host) S
Malware DNS Request Linked to Emotet Infection with IcedID (tfihsdnema.fun) S
Malware DNS Request Linked to Emotet Infection with IcedID (ygrenevresed.fun) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.