Traffic File Update - April 2019

This Traffic IQ Professional update for April 2019 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

179 Application Exploits

FTP Core FTP 2.0 build 653 - 'PBSZ' Denial of Service (PoC) S
FTP CoreFTP Server FTPSFTP Server CVE-2019-9648 Directory Traversal Vulnerability S
FTP CoreFTP Server FTPSFTP Server CVE-2019-9649 Directory Traversal Vulnerability S
HTTP 202CMS v10beta - 'reg_mail' SQL Injection S
HTTP 202CMS v10beta - 'reg_user' SQL Injection S
HTTP 74CMS 5.0.1 Cross Site Request Forgery (From Server) S
HTTP 74CMS 5.0.1 Cross Site Request Forgery (To Server) S
HTTP Apache Axis 1.4 - Remote Code Execution S
HTTP BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure S
HTTP BEWARD N100 H.264 VGA IP Camera M2.1.6 - CSRF (Add Admin) (From Server) S
HTTP BEWARD N100 H.264 VGA IP Camera M2.1.6 - CSRF (Add Admin) (To Server) S
HTTP Bolt CMS 3.6.6 Remote Code Execution S
HTTP Bootstrapy CMS - 'contact-submit.php' SQL Injection S
HTTP Bootstrapy CMS - 'forum-thread.php' SQL Injection S
HTTP Bootstrapy CMS - 'post-new-submit.php' SQL Injection S
HTTP Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) S
HTTP Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) S
HTTP D-Link DI-524 2.06RU Cross Site Scripting S
HTTP devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery S
HTTP DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery (From Server) S
HTTP DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery (To Server) S
HTTP eNdonesia Portal 8.7 - 'admin.php' SQL Injection S
HTTP eNdonesia Portal 8.7 - 'banners.php' SQL Injection S
HTTP eNdonesia Portal 8.7 - 'bid' Frame Injection S
HTTP eNdonesia Portal 8.7 - 'comments' Frame Injection S
HTTP eNdonesia Portal 8.7 - 'fname' Frame Injection S
HTTP eNdonesia Portal 8.7 - 'user.php' SQL Injection S
HTTP Ericsson Active Library Explorer (ALEX) Cross Site Scripting Vuln S
HTTP Ericsson Active Library Explorer (ALEX) Cross Site Scripting Vuln_1 S
HTTP Ericsson Active Library Explorer (ALEX) Cross Site Scripting Vuln_2 S
HTTP Event Locations 'id' SQL Injection Vuln S
HTTP Fat Free CRM 0.19.0 - HTML Injection S
HTTP Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptionsToImpl' Type Confusion S
HTTP ICE HRM 'data.php' SQL Injection Vuln S
HTTP ICE HRM 'service.php' SQL Injection Vuln S
HTTP Intel Modular Server System 10.18 - CSRF (Change Admin Password) (From Server) S
HTTP Intel Modular Server System 10.18 - CSRF (Change Admin Password) (To Server) S
HTTP IPFire 'AUTH_ALWAYS_REQUIRED' Cross Site Scripting Vuln S
HTTP IPFire 'AUTH_CACHE_TTL' Cross Site Scripting Vuln S
HTTP IPFire 'AUTH_CHILDREN' Cross Site Scripting Vuln S
HTTP IPFire 'CACHE_MEM' Cross Site Scripting Vuln S
HTTP IPFire 'CACHE_SIZE' Cross Site Scripting Vuln S
HTTP IPFire 'DST_NOAUTH' Cross Site Scripting Vuln S
HTTP IPFire 'FILEDESCRIPTORS' Cross Site Scripting Vuln S
HTTP IPFire 'MAX_INCOMING_SIZE' Cross Site Scripting Vuln S
HTTP IPFire 'MAX_OUTGOING_SIZE' Cross Site Scripting Vuln S
HTTP IPFire 'MAX_SIZE' Cross Site Scripting Vuln S
HTTP IPFire 'MIN_SIZE' Cross Site Scripting Vuln S
HTTP IPFire 'PROXY_PORT' Cross Site Scripting Vuln S
HTTP IPFire 'TRANSPARENT_PORT' Cross Site Scripting Vuln S
HTTP IPFire 'txt_mailpass' Cross Site Scripting Vuln S
HTTP IPFire 'txt_mailport' Cross Site Scripting Vuln S
HTTP IPFire 'txt_mailserver' Cross Site Scripting Vuln S
HTTP IPFire 'txt_mailuser' Cross Site Scripting Vuln S
HTTP IPFire 'txt_recipient' Cross Site Scripting Vuln S
HTTP IPFire 'UPSTREAM_PASSWORD' Cross Site Scripting Vuln S
HTTP IPFire 'UPSTREAM_PROXY' Cross Site Scripting Vuln S
HTTP IPFire 'UPSTREAM_USER' Cross Site Scripting Vuln S
HTTP Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass S
HTTP JioFi 4G M2S 1.0.2 Cross Site Scripting S
HTTP JioFi 4G M2S 1.0.2 Denial Of Service S
HTTP Kados R10 GreenBee 'app_columns.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'app_columns.php' SQL Injection Vuln_1 S
HTTP Kados R10 GreenBee 'external_connections.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'languages.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'languages.php' SQL Injection Vuln_1 S
HTTP Kados R10 GreenBee 'my_profile.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'my_profile_password.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'news.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'news.php' SQL Injection Vuln_1 S
HTTP Kados R10 GreenBee 'news.php' SQL Injection Vuln_2 S
HTTP Kados R10 GreenBee 'parameters.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'parameters.php' SQL Injection Vuln_1 S
HTTP Kados R10 GreenBee 'profiles.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'profiles.php' SQL Injection Vuln_1 S
HTTP Kados R10 GreenBee 'projects.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'templates_project.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'template_checklist.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'template_tags.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'template_tags_groups.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'users.php' SQL Injection Vuln S
HTTP Kados R10 GreenBee 'users.php' SQL Injection Vuln_1 S
HTTP Kados R10 GreenBee 'users.php' SQL Injection Vuln_2 S
HTTP Magento 2.3.0 SQL Injection S
HTTP Microsoft VBScript - VbsErase Memory Corruption S
HTTP MiniUPnPd 2.1 - Out-of-Bounds Read S
HTTP Nagios XI 5.5.10 Cross Site Scripting S
HTTP Nagios XI 5.5.10 Remote Code Execution S
HTTP OpenDocMan 'where' SQL Injection Vuln S
HTTP OPNsense 'category' Cross-Site Scripting Vuln S
HTTP OPNsense 'category' Cross-Site Scripting Vuln_1 S
HTTP OPNsense 'category' Cross-Site Scripting Vuln_2 S
HTTP OPNsense 'descr' Cross-Site Scripting Vuln S
HTTP OPNsense 'GDrive_GDriveBackupCount' Cross-Site Scripting Vuln S
HTTP OPNsense 'GDrive_GDriveEmail' Cross-Site Scripting Vuln S
HTTP OPNsense 'GDrive_GDriveFolderID' Cross-Site Scripting Vuln S
HTTP OPNsense 'host' Cross-Site Scripting Vuln S
HTTP OPNsense 'host' Cross-Site Scripting Vuln_1 S
HTTP OPNsense 'ignoreLogACL' Cross-Site Scripting Vuln S
HTTP OPNsense 'mailserver' Cross-Site Scripting Vuln S
HTTP OPNsense 'Nextcloud_backupdir' Cross-Site Scripting Vuln S
HTTP OPNsense 'Nextcloud_password' Cross-Site Scripting Vuln S
HTTP OPNsense 'Nextcloud_password_encryption' Cross-Site Scripting Vuln S
HTTP OPNsense 'Nextcloud_url' Cross-Site Scripting Vuln S
HTTP OPNsense 'Nextcloud_user' Cross-Site Scripting Vuln S
HTTP OPNsense 'passthrough_networks[]' Cross-Site Scripting Vuln S
HTTP OPNsense 'tag' Cross-Site Scripting Vuln S
HTTP OPNsense 'tunable' Cross-Site Scripting Vuln S
HTTP OPNsense 'value' Cross-Site Scripting Vuln S
HTTP OPNsense 'vlanif' Cross-Site Scripting Vuln S
HTTP osCommerce 'currency' SQL Injection Vuln S
HTTP osCommerce 'products_id' SQL Injection Vuln S
HTTP osCommerce 'reviews_id' SQL Injection Vuln S
HTTP osTicket 1.11 - 'ajax.php' Cross-Site Scripting To Local File Inclusion S
HTTP osTicket 1.11 - 'users.php' Cross-Site Scripting To Local File Inclusion S
HTTP pfSense 'address0' Cross-Site Scripting Vuln S
HTTP pfSense 'defaultqueue' Cross-Site Scripting Vuln S
HTTP pfSense 'dnpipe' Cross-Site Scripting Vuln S
HTTP pfSense 'dscp' Cross-Site Scripting Vuln S
HTTP pfSense 'gpstype' Cross-Site Scripting Vuln S
HTTP pfSense 'host' Cross-Site Scripting Vuln S
HTTP pfSense 'name' Cross-Site Scripting Vuln S
HTTP pfSense 'statetype' Cross-Site Scripting Vuln S
HTTP pfSense 'tag' Cross-Site Scripting Vuln S
HTTP pfSense 'tagged' Cross-Site Scripting Vuln S
HTTP pfSense 'vlanprio' Cross-Site Scripting Vuln S
HTTP pfSense 'vlanprioset' Cross-Site Scripting Vuln S
HTTP pfSense 'wan' Cross-Site Scripting Vuln S
HTTP pfSense 'webguiproto' Cross-Site Scripting Vuln S
HTTP phpFileManager 1.7.8 - Local File Inclusion S
HTTP PhreeBooks ERP 5.2.3 - Remote Command Execution S
HTTP PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin) (From Server) S
HTTP PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin) (To Server) S
HTTP Placeto CMS Alpha v4 - 'page' SQL Injection S
HTTP PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control (From Server) S
HTTP PLC Wireless Router GPN2.4P21-C-CN Incorrect Access Control (To Server) S
HTTP Rails 5.2.1 Arbitrary File Content Disclosure S
HTTP Rukovoditel Project Management CRM 'lists_id' SQL Injection Vuln S
HTTP SaLICru -SLC-20-cube3(5) - 'AlarmLog.csv' HTML Injection S
HTTP SaLICru -SLC-20-cube3(5) - 'chart.shtml' HTML Injection S
HTTP SaLICru -SLC-20-cube3(5) - 'createlog.cgi' HTML Injection S
HTTP SaLICru -SLC-20-cube3(5) - 'DataLog.csv' HTML Injection S
HTTP SaLICru -SLC-20-cube3(5) - 'waitlog.cgi' HTML Injection S
HTTP ShoreTel Connect ONSITE 'brandUrl' Cross Site Scripting S
HTTP ShoreTel Connect ONSITE 'page' Cross Site Scripting S
HTTP Sierra Wireless AirLink ES450 ACEManager 'defaults.xml' Information Disclosure S
HTTP Sierra Wireless AirLink ES450 ACEManager GET 'ping_result.cgi' Cross-Site Scripting S
HTTP Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection S
HTTP Sierra Wireless AirLink ES450 ACEManager POST 'ping_result.cgi' Cross-Site Scripting S
HTTP Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure S
HTTP Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change S
HTTP Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow S
HTTP Smoothwall Express 'BOOT_FILE' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'BOOT_ROOT' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'BOOT_SERVER' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'CHILDREN' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'DNS1' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'DNS2' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'END_ADDR' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'NTP1' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'START_ADDR' Cross-Site Scripting Vuln S
HTTP SuiteCRM 'record' SQL Injection Vuln S
HTTP TeemIp IPAM 2.4.0 - 'new_config' Command Injection (Metasploit) S
HTTP The Company Business Website CMS - 'user_name' SQL Injection S
HTTP Titan FTP Server Version 2019 Build 3505 - Directory Traversal Local File Inclusion S
HTTP TP-LINK TL-WR940N TL-WR941ND - Buffer Overflow S
HTTP Webiness Inventory 'email' SQL Injection Vuln S
HTTP WebKitGTK+ - 'ThreadedCompositor' Race Condition S
HTTP Wifi-soft Unibox 2.x Remote Command Code Injection (CVE-2019-3495) S
HTTP Wifi-soft Unibox 2.x Remote Command Code Injection (CVE-2019-3496) S
HTTP Wifi-soft Unibox 2.x Remote Command Code Injection (CVE-2019-3497) S
HTTP WordPress article2pdf 0.24 File Deletion - Disclosure S
HTTP WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - LFI S
HTTP WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion S
HTTP WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering S
MailCarrier 2.51 - 'RCPT TO' Buffer Overflow S
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow S
MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow S
MailCarrier 2.51 - POP3 'USER' Buffer Overflow S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
