Traffic File Update - November 2019

This Traffic IQ Professional update for November 2019 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for November 2019

150 Application Exploits

HTTP Adive Framework 2.0.7 Privilege Escalation S
HTTP Adrenalin Core HCM 'prntDDLCntrlName' Cross-Site Scripting Vuln S
HTTP Adrenalin Core HCM 'prntFrmName' Cross-Site Scripting Vuln S
HTTP Adrenalin Core HCM 'strAction' Cross-Site Scripting Vuln S
HTTP Advanced Comment System 1.0 Cross Site Scripting S
HTTP Ajenti 2.1.31 Remote Code Execution S
HTTP Atlassian Confluence 6.15.1 Directory Traversal S
HTTP Bematech Printer MP-4200 Cross Site Scripting S
HTTP Bematech Printer MP-4200 Denial Of Service S
HTTP Centova Cast 3.2.11 Arbitrary File Download S
HTTP Centova Cast 3.2.12 Denial Of Service S
HTTP Citrix StoreFront Server 7.15 XML Injection S
HTTP ClonOs WEB UI 19.09 - changePassword Improper Access Control S
HTTP ClonOs WEB UI 19.09 - GetUser Improper Access Control S
HTTP CMS Made Simple 2.2.8 Remote Code Execution S
HTTP College-Management-System 1.2 Authentication Bypass S
HTTP Computrols CBAS-Web 'Add Super Admin' CSRF Vuln (From Server) S
HTTP Computrols CBAS-Web 'Add Super Admin' CSRF Vuln (To Server) S
HTTP Computrols CBAS-Web 19.0.0 Information Disclosure S
HTTP Computrols CBAS-Web 19.0.0 Username Enumeration S
HTTP Fastweb Fastgate 0.00.81 Remote Code Execution S
HTTP FlexAir Access Control 2.3.38 Command Injection S
HTTP FlexAir Access Control 2.3.38 Remote Root S
HTTP FUDForum 3.0.9 Code Execution S
HTTP FusionPBX Command exec.php Command Execution S
HTTP FusionPBX Operator Panel exec.php Command Execution S
HTTP Honeywell MCR Web Controller Cross Site Scripting S
HTTP Honeywell MCR Web Controller Path Disclosure S
HTTP Hospital-Management 1.26 SQL Injection S
HTTP html5_snmp 'Remark' Cross-Site Scripting Vuln S
HTTP html5_snmp 'Router_IP' SQL Injection Vuln S
HTTP ilchCMS 2.1.23 'banner' Cross Site Scripting S
HTTP ilchCMS 2.1.23 'link' Cross Site Scripting S
HTTP ilchCMS 2.1.23 'name' Cross Site Scripting S
HTTP Infosysta Jira 1.6.13_J8 Project List Authentication Bypass S
HTTP Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass S
HTTP Infosysta Jira 1.6.13_J8 User Name Disclosure S
HTTP Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery (From Server) S
HTTP Intelbras Router WRN150 'Server Name' Cross-Site Scripting Vuln S
HTTP Intelbras Router WRN150 'Service Name' Cross-Site Scripting Vuln S
HTTP Jenkins Build-Metrics 1.3 Cross Site Scripting S
HTTP Joomla Google Maps 'Itemid' SQL Injection Vuln S
HTTP Joomla Google Maps 'print' SQL Injection Vuln S
HTTP Joomla Mad4Joomla 'Itemid' SQL Injection Vuln S
HTTP Joomla Mad4Joomla 'jid' SQL Injection Vuln S
HTTP Joomla MisterEstate 'Itemid' SQL Injection Vuln S
HTTP Joomla Sumoku 'Itemid' SQL Injection Vuln S
HTTP Joomla SwPhotoGallery 'location' SQL Injection Vuln S
HTTP Joomla Vemod News Mailer 'userid' SQL Injection Vuln S
HTTP LavaLite CMS 'designation' Cross-Site Scripting Vuln S
HTTP LavaLite CMS 'name' Cross-Site Scripting Vuln S
HTTP Lexmark Services Monitor 2.27.4.0.39 'PerfStringBackup.ini' Directory Traversal S
HTTP Lexmark Services Monitor 2.27.4.0.39 'slmgr.ini' Directory Traversal S
HTTP Linear eMerge E3 'layout' Cross-Site Scripting Vuln S
HTTP Linear eMerge E3 1.00-06 Arbitrary File Upload S
HTTP Linear eMerge E3 1.00-06 Arbitrary Root Code Execution S
HTTP Linear eMerge E3 1.00-06 card_scan.php Command Injection S
HTTP Linear eMerge E3 1.00-06 card_scan_decoder.php Command Injection S
HTTP Linear eMerge E3 1.00-06 Privilege Disclosure S
HTTP Linear eMerge E3 1.00-06 Privilege Escalation S
HTTP Linear eMerge50P5000P 4.6.07 'restart' Remote Code Execution S
HTTP Linear eMerge50P5000P 4.6.07 'timeserver1' Remote Code Execution S
HTTP Linear eMerge50P5000P 4.6.07 'whoami' Remote Code Execution S
HTTP Mr Blog PHP 'duzenle' Cross-Site Scripting Vuln S
HTTP Mr Blog PHP 'kat' SQL Injection Vuln S
HTTP Nextcloud 17 'Change User Email' Cross Site Request Forgery S
HTTP Nextcloud 17 'Change User Full Name' Cross Site Request Forgery S
HTTP Nextcloud 17 'Change User Password' Cross Site Request Forgery S
HTTP Nextcloud 17 'Create Folder' Cross Site Request Forgery S
HTTP Nextcloud 17 'Create Group' Cross Site Request Forgery S
HTTP Nextcloud 17 'Create User' Cross Site Request Forgery S
HTTP Nextcloud 17 'Delete Folder' Cross Site Request Forgery S
HTTP Nextcloud 17 'Delete Group' Cross Site Request Forgery S
HTTP Nextcloud 17 'Delete User' Cross Site Request Forgery S
HTTP Nextcloud 17 'Disable User' Cross Site Request Forgery S
HTTP Nextcloud 17 'Enable User' Cross Site Request Forgery S
HTTP Nortek Linear eMerge E3 Access Control 'Add Admin' CSRF Vuln (From Server) S
HTTP Nortek Linear eMerge E3 Access Control 'Add Admin' CSRF Vuln (To Server) S
HTTP Nortek Linear eMerge E3 Access Control 'Change Admin Password' CSRF Vuln (From Server) S
HTTP Nortek Linear eMerge E3 Access Control 'Change Admin Password' CSRF Vuln (To Server) S
HTTP Nostromo 1.9.6 Directory Traversal Remote Command Execution S
HTTP OpenCMS 10.5.4 'firstname' Cross Site Scripting S
HTTP OpenCMS 10.5.4 'lastname' Cross Site Scripting S
HTTP OpenNetAdmin 18.1.1 Remote Code Execution S
HTTP OpenProject 'sortBy' Cross-Site Scripting Vuln S
HTTP Optergy BMS 2.0.3a Account Reset Username Disclosure S
HTTP Optergy BMS 2.0.3a Remote Root S
HTTP Optergy Proton and Enterprise BMS 'Add Admin' CSRF Vuln (From Server) S
HTTP Optergy Proton and Enterprise BMS 'Add Admin' CSRF Vuln (To Server) S
HTTP Optergy ProtonEnterprise BMS 2.3.0a Open Redirect S
HTTP ownCloud Stable 'Change Language' CSRF Vuln (From Server) S
HTTP ownCloud Stable 'Change Language' CSRF Vuln (To Server) S
HTTP ownCloud Stable 'Change User Email' CSRF Vuln (From Server) S
HTTP ownCloud Stable 'Change User Email' CSRF Vuln (To Server) S
HTTP ownCloud Stable 'Change User Full Name' CSRF Vuln (From Server) S
HTTP ownCloud Stable 'Change User Full Name' CSRF Vuln (To Server) S
HTTP ownCloud Stable 'Change User Password' CSRF Vuln (From Server) S
HTTP ownCloud Stable 'Change User Password' CSRF Vuln (To Server) S
HTTP ownCloud Stable 'Create Group' CSRF Vuln (From Server) S
HTTP ownCloud Stable 'Create Group' CSRF Vuln (To Server) S
HTTP ownCloud Stable 'Create User' CSRF Vuln (From Server) S
HTTP ownCloud Stable 'Create User' CSRF Vuln (To Server) S
HTTP Pagekit CMS 1.0.17 Cross Site Request Forgery (From Server) S
HTTP Pagekit CMS 1.0.17 Cross Site Request Forgery (To Server) S
HTTP Parallels Plesk Panel 'fileName' Cross-Site Scripting Vuln S
HTTP Prima Access Control 'value' Cross-Site Scripting Vuln S
HTTP Prima Access Control 2.3.35 Script Upload Remote Code Execution S
HTTP Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name S
HTTP Raritan CommandCenter Secure Gateway 'macroFile' Cross-Site Scripting Vuln S
HTTP rimbalinux AhadPOS 'alamatCustomer' SQL Injection Vuln S
HTTP rimbalinux AhadPOS 'barcode' SQL Injection Vuln S
HTTP RISE Ultimate Project Manager 'add_team_member' CSRF Vuln (From Server) S
HTTP RISE Ultimate Project Manager 'add_team_member' CSRF Vuln (To Server) S
HTTP Rusty Joomla Unauthenticated Remote Code Execution S
HTTP Scripteen Image Upload Shell Upload S
HTTP SD.NET RIM 'idtyp' SQL Injection Vuln S
HTTP Siemens Desigo PX 6.00 Denial Of Service S
HTTP SMA Solar Technology AG Sunny WebBox CSRF Vuln (From Server) S
HTTP SMA Solar Technology AG Sunny WebBox CSRF Vuln (To Server) S
HTTP Smartwares HOME Easy 1.0.9 'action_task' Authentication Bypass S
HTTP Smartwares HOME Easy 1.0.9 'plan_task' Authentication Bypass S
HTTP Smartwares HOME Easy 1.0.9 'room' Authentication Bypass S
HTTP Smartwares HOME Easy 1.0.9 'scene' Authentication Bypass S
HTTP Smartwares HOME Easy 1.0.9 'system' Authentication Bypass S
HTTP Smartwares HOME Easy 1.0.9 'task' Authentication Bypass S
HTTP Technicolor TD5130.2 Remote Command Execution S
HTTP TemaTres 3.0 Cross Site Request Forgery S
HTTP TestLink 1.9.19 'edit' Cross Site Scripting S
HTTP TestLink 1.9.19 'nsextt' Cross Site Scripting S
HTTP TestLink 1.9.19 'reqURI' Cross Site Scripting S
HTTP TestLink 1.9.19 'show_mode' Cross Site Scripting S
HTTP thrsrossi Millhouse-Project 'content' Cross-Site Scripting Vuln S
HTTP TP-Link Archer VR300 'connName' Cross-Site Scripting Vuln S
HTTP waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 'description' Cross Site Scripting S
HTTP waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 'title' Cross Site Scripting S
HTTP WolfCMS 0.8.3.1 Cross Site Scripting S
HTTP WordPress Broken Link Checker 's_filter' Cross-Site Scripting Vuln S
HTTP WordPress Download Manager 2.5 'admin-ajax.php' CSRF (From Server) S
HTTP WordPress Download Manager 2.5 'admin-ajax.php' CSRF (To Server) S
HTTP WordPress Download Manager 2.5 'edit.php' CSRF (From Server) S
HTTP WordPress Download Manager 2.5 'edit.php' CSRF (To Server) S
HTTP WordPress Google Review Slider 6.1 SQL Injection S
HTTP WordPress Popup Builder 3.49 Cross Site Scripting S
HTTP WordPress Social Photo Gallery 1.0 Remote Code Execution S
HTTP Xfilesharing 2.5.1 Local File Inclusion S
HTTP Xfilesharing 2.5.1 Shell Upload (From Server) S
HTTP Xfilesharing 2.5.1 Shell Upload (To Server) S
Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution S
POP3 Win10 MailCarrier 2.51 Buffer Overflow S
TCP Carel pCOWeb HVAC Modbus Interface Authentication Bypass S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
