
Traffic File Update - September 2019

This Traffic IQ Professional update for September 2019 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for September 2019

145 Application Exploits

HPE Intelligent Management Center Information Disclosure S
HTTP 2 Plan Team 1.0.4 Cross Site Scripting S
HTTP ACTi ACM-3100 Camera Remote Command Execution S
HTTP Alkacon OpenCMS 10.5.x 'clearhistory.jsp' Local File Inclusion S
HTTP Alkacon OpenCMS 10.5.x 'group_new.jsp' Local File Inclusion S
HTTP Alkacon OpenCMS 10.5.x 'index.jsp' Local File Inclusion S
HTTP Alkacon OpenCMS 10.5.x 'loginmessage.jsp' Local File Inclusion S
HTTP Alkacon OpenCMS 10.5.x 'xmlcontentrepair.jsp' Local File Inclusion S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_1 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_10 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_11 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_2 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_3 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_4 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_5 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_6 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_7 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_8 S
HTTP Alkacon OpenCMS Cross Site Scripting Vuln_9 S
HTTP API Bearer Auth Plugin for WordPress Cross-Site Scripting Vuln S
HTTP AVCON6 Systems Management Platform Remote Root S
HTTP Belkin N600DB Wireless Router - 'langchg.cgi' Wifi Password Disclosure S
HTTP CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change S
HTTP Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow S
HTTP Chrome V8 JIT - Empty BytecodeJumpTable Out-of-Bounds Read S
HTTP Cisco Data Center Network Manager Unauthenticated Remote Code Execution S
HTTP Cisco UCS Director Unauthenticated Remote Code Execution S
HTTP Cisco UCS IMC Supervisor Authentication Bypass S
HTTP Cisco UCS IMC Supervisor Command Injection S
HTTP Control Web Panel 0.9.8.851 - Access Other DNS and Delete S
HTTP Control Web Panel 0.9.8.851 - Add forward mail S
HTTP Control Web Panel 0.9.8.851 - Change other email password S
HTTP Control Web Panel 0.9.8.851 - Change target mail usage S
HTTP Control Web Panel 0.9.8.851 - Delete other domain S
HTTP Control Web Panel 0.9.8.851 - Delete other email account S
HTTP Control Web Panel 0.9.8.851 - Delete other mail forwarder S
HTTP Control Web Panel 0.9.8.851 - Delete other sub-domain S
HTTP Control Web Panel 0.9.8.851 - Modify forward mail destination 'Access' S
HTTP Control Web Panel 0.9.8.851 - Modify forward mail destination 'Delete' S
HTTP Control Web Panel 0.9.8.851 - Remove user from phpMyAdmin S
HTTP DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vuln S
HTTP DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vuln_1 S
HTTP DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vuln_2 S
HTTP DIGIT CENTRIS ERP 'datum1' SQL Injection Vuln S
HTTP DIGIT CENTRIS ERP 'datum2' SQL Injection Vuln S
HTTP DIGIT CENTRIS ERP 'KID' SQL Injection Vuln S
HTTP DIGIT CENTRIS ERP 'PID' SQL Injection Vuln S
HTTP Dolibarr ERP-CRM 'card.php' SQL Injection Vuln S
HTTP Dolibarr ERP-CRM 'card.php' SQL Injection Vuln_1 S
HTTP Dolibarr ERP-CRM 'card.php' SQL Injection Vuln_2 S
HTTP Dolibarr ERP-CRM 'elemid' SQL Injection Vuln S
HTTP Download Manager plugin for WordPress 'orderby' Cross-Site Scripting Vuln S
HTTP Download Manager plugin for WordPress 'orderby' Cross-Site Scripting Vuln_1 S
HTTP Enigma NMS 65.0.0 Cross Site Request Forgery (From Server) S
HTTP Enigma NMS 65.0.0 Cross Site Request Forgery (To Server) S
HTTP Enigma NMS 65.0.0 OS Command Injection S
HTTP eWON Flexy 13.0 Authentication Bypass S
HTTP File Sharing Wizard 1.5.0 SEH Buffer Overflow S
HTTP FileThingie 2.5.7 Remote Command Execution S
HTTP FileThingie 2.5.7 Remote Shell Unzip S
HTTP FileThingie 2.5.7 Remote Shell Upload S
HTTP FusionPBX 4.4.8 Remote Code Execution S
HTTP Generic Zip Slip Traversal S
HTTP Gila CMS Local File Inclusion S
HTTP GOautodial 'title' Cross-Site Scripting Vuln S
HTTP Heatmiser Wifi Thermostat 1.7 - CSRF (Update Admin) (From Server) S
HTTP Heatmiser Wifi Thermostat 1.7 - CSRF (Update Admin) (To Server) S
HTTP HumHub 1.3.12 Cross Site Scripting S
HTTP IntelBras TELEFONE IP TIP200200 LITE 60.61.75.15 Arbitrary File Read S
HTTP Jobberbase 2.0 subscribe SQL Injection S
HTTP Joomla JS Support Ticket 1.1.6 SQL Injection S
HTTP JSC YarrJIT initParenContextFreeList Byte Overwrite S
HTTP Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting (From Server) S
HTTP Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting (To Server) S
HTTP LimeSurvey 'surveyid' Cross-Site Scripting Vuln S
HTTP LimeSurvey 3.17.13 Cross Site Scripting S
HTTP Live Call Support Widget 1.5 - CSRF (Add Admin) (From Server) S
HTTP Live Call Support Widget 1.5 - CSRF (Add Admin) (To Server) S
HTTP Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass S
HTTP Microsoft Edge Chakra JIT - Memory Corruption S
HTTP Nessus 8.2.1 - Cross-Site Scripting S
HTTP NetSAS Enigma NMS 'search_pattern' SQL Injection Vuln S
HTTP Nimble Streamer 3.x Directory Traversal S
HTTP NPMJS gitlabhook 0.0.17 Remote Command Execution S
HTTP October CMS Upload Protection Bypass Code Execution S
HTTP OpenEdx Ironwood 'course_id' Cross-Site Scripting Vuln S
HTTP OpenEdx Ironwood 'user' Cross-Site Scripting Vuln S
HTTP OpenProject 8.3.1 SQL Injection S
HTTP phpMyAdmin 4.9.0.1 Cross Site Request Forgery (From Server) S
HTTP phpMyAdmin 4.9.0.1 Cross Site Request Forgery (To Server) S
HTTP Ping Identity Agentless Integration Kit Cross Site Scripting S
HTTP Piwigo 'account_billing' CSRF Vuln (From Server) S
HTTP Piwigo 'account_billing' CSRF Vuln (To Server) S
HTTP Piwigo 'account_billing' CSRF Vuln_1 (From Server) S
HTTP Piwigo 'account_billing' CSRF Vuln_1 (To Server) S
HTTP Piwigo 'account_billing' CSRF Vuln_2 (From Server) S
HTTP Piwigo 'account_billing' CSRF Vuln_2 (To Server) S
HTTP Piwigo 'account_billing' CSRF Vuln_3 (From Server) S
HTTP Piwigo 'account_billing' CSRF Vuln_3 (To Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln (From Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln (To Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_1 (From Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_1 (To Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_2 (From Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_2 (To Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_3 (From Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_3 (To Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_4 (From Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_4 (To Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_5 (From Server) S
HTTP Piwigo 'notification_by_mail' CSRF Vuln_5 (To Server) S
HTTP Piwigo 2.9.5 Cross Site Scripting Command Execution S
HTTP Portrait-Archiv-Shop Plugin for WordPress Cross-Site Scripting Vuln S
HTTP Pulse Secure 8.1R15.1 8.2 8.3 9.0 SSL VPN Remote Code Execution S
HTTP Sentrifugo 3.2 - File Upload Restriction Bypass S
HTTP Spryng Payments WooCommerce Plugin for WordPress Cross-Site Scripting Vuln S
HTTP Tibco JasperSoft 'resource' Directory Traversal Vuln S
HTTP Totaljs CMS 12.0 'author' Cross Site Scripting S
HTTP Totaljs CMS 12.0 'template' Path Traversal S
HTTP Totaljs CMS 12.0 Information Disclosure S
HTTP VX Search Enterprise 10.4.16 Denial Of Service S
HTTP Webmin 1.920 rpc.cgi Remote Root S
HTTP Western Digital My Book World II NAS 1.02.12 Hardcoded Credential S
HTTP WordPress Checklist 'fill' Cross-Site Scripting Vuln S
HTTP WordPress Ecpay Logistics For WooCommerce 'CVSStoreName' Cross-Site Scripting Vuln S
HTTP WordPress Ellipsis Human Presence Technology 'page' Cross-Site Scripting Vuln S
HTTP WordPress Photo Gallery 'album_id' SQL Injection Vuln S
HTTP WordPress Qwiz Online Quizzes And Flashcards 'qname' Cross-Site Scripting Vuln S
HTTP WordPress SlickQuiz 'email' Cross-Site Scripting Vuln S
HTTP WordPress SlickQuiz 'id' SQL Injection Vuln S
HTTP WordPress SlickQuiz 'id' SQL Injection Vuln_1 S
HTTP WordPress SlickQuiz 'id' SQL Injection Vuln_2 S
HTTP WordPress SlickQuiz 'name' Cross-Site Scripting Vuln S
HTTP WordPress SlickQuiz 'score' Cross-Site Scripting Vuln S
HTTP YouPHPTube 7.4 Remote Code Execution S
HTTP Zurmo 3.2.6 Persistent Cross Site Scripting S
HTTP Zyxel USG UAG ATP VPN NXC External DNS Requests - GET Request S
HTTP Zyxel USG UAG ATP VPN NXC External DNS Requests - POST Request S
HTTP µTorrent (uTorrent) ClassicWeb - Change Download Directory CSRF S
HTTP µTorrent (uTorrent) ClassicWeb - Information Disclosure S
Malware GET Request Associated with Emotet Malspam (fitchciapara.com) S
Malware GET Request Associated with Emotet Malspam (komatireddy.net) S
Malware GET Request Associated with Emotet Malspam (www.sirijayareddypsychologist.com) S
UDP AwindInc SNMP Service Command Injection S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
