Traffic IQ Professional
Traffic File Update for January 2019
176 Application Exploits
CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt S
Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (MSF) S
Erlang - Port Mapper Daemon Cookie RCE (Metasploit) S
HTTP Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload 'GET' Exploit S
HTTP Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload 'POST' Exploit S
HTTP ABC ERP (Update Admin) CSRF Vuln (From Server) S
HTTP ABC ERP (Update Admin) CSRF Vuln (To Server) S
HTTP Adapt Inventory Management System 'invoice.php' SQL Injection Vuln S
HTTP Adapt Inventory Management System 'login.php' SQL Injection Vuln S
HTTP Adianti Framework 'username' SQL Injection Vuln S
HTTP Adicon Server Plugin for WordPress 'addIcon.php' SQL Injection Vuln S
HTTP Adiscon LogAnalyzer 'login.php' Cross Site Scripting Vuln S
HTTP Adobe ColdFusion 2018 - Arbitrary File Upload S
HTTP All In One Video Downloader 'id' SQL Injection Vuln S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_1 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_2 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_3 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_4 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_5 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_6 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_7 S
HTTP Alumni Tracer SMS Notification (Add Admin) CSRF Vuln (From Server) S
HTTP Alumni Tracer SMS Notification (Add Admin) CSRF Vuln (To Server) S
HTTP Alumni Tracer SMS Notification (Update Admin) CSRF Vuln (From Server) S
HTTP Alumni Tracer SMS Notification (Update Admin) CSRF Vuln (To Server) S
HTTP Apache Superset 0.23 - Remote Code Execution S
HTTP Aplaya Beach Resort Online Reservation System 'controller.php' CSRF Vuln (From Server) S
HTTP Aplaya Beach Resort Online Reservation System 'controller.php' CSRF Vuln (To Server) S
HTTP Aplaya Beach Resort Online Reservation System 'index.php' SQL Injection Vuln S
HTTP Architectural 'email' SQL Injection Vuln S
HTTP Artica Integria IMS 'search_string' parameter Cross Site Scripting Vuln S
HTTP Artica Integria IMS (User Deletion) CSRF Vuln (From Server) S
HTTP Artica Integria IMS (User Deletion) CSRF Vuln (To Server) S
HTTP Bigcart Ecommerce Multivendor System 'path' SQL Injection Vuln S
HTTP Bludit Pages Editor Arbitrary File Upload Vuln (From Server) S
HTTP Bludit Pages Editor Arbitrary File Upload Vuln (To Server) S
HTTP Bolt CMS 'Title' field Cross Site Scripting Vuln S
HTTP Card Payment (Update Admin) CSRF Vuln (From Server) S
HTTP Card Payment (Update Admin) CSRF Vuln (To Server) S
HTTP Cisco Firepower Management Center 'platformSettingEdit.cgi' Cross Site Scripting Vuln S
HTTP Cisco RV320 and RV325 Routers CVE-2019-1652 Remote Command Injection Vulnerability S
HTTP Cisco RV320 and RV325 Routers CVE-2019-1653 Information Disclosure Vulnerability S
HTTP Cleanto 'export_ajax.php' SQL Injection Vuln S
HTTP Cleanto 'front_ajax.php' SQL Injection Vuln S
HTTP Cleanto 'front_ajax.php' SQL Injection Vuln_1 S
HTTP Cleanto 'front_ajax.php' SQL Injection Vuln_2 S
HTTP Cleanto 'service_method_ajax.php' SQL Injection Vuln S
HTTP CMSsite 'cat_id' SQL Injection Vuln S
HTTP CMSsite 'search' SQL Injection Vuln S
HTTP Coman 'id' SQL Injection Vuln S
HTTP Craft CMS 'title' Cross Site Scripting Vuln S
HTTP Craigs Classified Ads CMS Theme 'profile_detail.php' SQL Injection Vuln S
HTTP Creativeitem Ekushey Project Manager CRM 'address' XSS Vuln (From Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'address' XSS Vuln (To Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'name' XSS Vuln (From Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'name' XSS Vuln (To Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'short_note' XSS Vuln (From Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'short_note' XSS Vuln (To Server) S
HTTP Delta Sql 'docs_manage.php' Arbitrary File Upload Vuln (From Server) S
HTTP Delta Sql 'docs_manage.php' Arbitrary File Upload Vuln (To Server) S
HTTP doitX 'search' SQL Injection Vuln S
HTTP DomainMOD 'DisplayName' Cross Site Scripting Vuln S
HTTP DomainMOD 'HostName' Cross Site Scripting Vuln S
HTTP DomainMod 'registrar-accounts.php' Cross Site Scripting Vuln S
HTTP DomainMod 'registrar-accounts.php' Cross Site Scripting Vuln_1 S
HTTP DomainMod 'registrar-accounts.php' Cross Site Scripting Vuln_2 S
HTTP DomainMOD 'UserName' Cross Site Scripting Vuln S
HTTP eBrigade ERP 'pdf.php' SQL Injection Vuln S
HTTP Facebook And Google Reviews System For Businesses - CSRF (Change Password) (From Server) S
HTTP Facebook And Google Reviews System For Businesses - CSRF (Change Password) (To Server) S
HTTP Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution S
HTTP Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure S
HTTP Frog CMS 'name' Cross Site Scripting Vuln S
HTTP FrontAccounting 'filterType' SQL Injection Vuln S
HTTP GreenCMS 'content' CSRF Vuln (From Server) S
HTTP GreenCMS 'content' CSRF Vuln (To Server) S
HTTP Hashicorp Consul - Create Session S
HTTP Hashicorp Consul - Remote Command Execution via Rexec (Metasploit) S
HTTP Hashicorp Consul - Remote Command Execution via Services API (Metasploit) S
HTTP Hootoo HT-05 - Remote Code Execution (Metasploit) S
HTTP Horde Imp - 'imap_open' Remote Command Execution S
HTTP Hotel Booking Script (Change Admin Password) CSRF Vuln (From Server) S
HTTP Hotel Booking Script (Change Admin Password) CSRF Vuln (To Server) S
HTTP Huawei B315s-22 - 'device config' Information Leak S
HTTP IBM Operational Decision Manager 8.x - 'external file' XML External Entity Injection S
HTTP IBM Operational Decision Manager 8.x - 'port scanner' XML External Entity Injection S
HTTP ImpressCMS 'bid' SQL Injection Vuln S
HTTP Joomla! Component J-BusinessDirectory 'type' SQL Injection Vuln S
HTTP Joomla! Component J-ClassifiedsManager 'adType' SQL Injection Vuln S
HTTP Joomla! Component J-ClassifiedsManager 'categorySearch' SQL Injection Vuln S
HTTP Joomla! Component J-ClassifiedsManager 'citySearch' SQL Injection Vuln S
HTTP Joomla! Component J-CruisePortal SQL Injection Vuln S
HTTP Joomla! Component JHotelReservation 'rooms' SQL Injection Vuln S
HTTP Joomla! Component VMap 'latlngbound' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'categories' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'keysearch' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'max' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'min' SQL Injection Vuln S
HTTP Live Call Support Widget 1.5 - Remote Code Execution (From Server) S
HTTP Live Call Support Widget 1.5 - Remote Code Execution (To Server) S
HTTP Live Call Support Widget 1.5 - SQL Injection S
HTTP Microsoft Edge 42.17134.1.0 - 'TreeANodeDocumentLayout' Denial of Service S
HTTP Microsoft Edge Chakra - OP_Memset Type Confusion S
HTTP Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write S
HTTP MiniShare 1.4.1 - 'POST' Remote Buffer Overflow S
HTTP Modern POS 1.3 - Arbitrary File Download S
HTTP Open STA Manager 'file' Directory Traversal Vuln S
HTTP Promotion King Facebook And Google Reviews System For Businesses SQL Injection Vuln S
HTTP Pydio - AjaXplorer 5.0.4 - Arbitrary File Upload S
HTTP Pydio - AjaXplorer 5.0.4 - Read Arbitrary Files S
HTTP Responsive FileManager 9.13.4 - 'create_file' Path Traversal S
HTTP Responsive FileManager 9.13.4 - 'delete_file' Path Traversal S
HTTP Responsive FileManager 9.13.4 - 'delete_folder' Path Traversal S
HTTP Responsive FileManager 9.13.4 - 'get_file' File Read S
HTTP Responsive FileManager 9.13.4 - 'save_img' File Write S
HTTP Safari - Proxy Object Type Confusion (Metasploit) S
HTTP School Attendance Monitoring System 'id' SQL Injection Vuln S
HTTP School Attendance Monitoring System 'id' SQL Injection Vuln_1 S
HTTP School Attendance Monitoring System 'id' SQL Injection Vuln_2 S
HTTP School Attendance Monitoring System 1.0 - CSRF (Update Admin) (From Server) S
HTTP School Attendance Monitoring System 1.0 - CSRF (Update Admin) (To Server) S
HTTP School Event Management System 'id' SQL Injection Vuln S
HTTP School Event Management System 'id' SQL Injection Vuln_1 S
HTTP School Event Management System 'id' SQL Injection Vuln_2 S
HTTP SimplePress CMS 'p' SQL Injection Vuln S
HTTP SimplePress CMS 's' SQL Injection Vuln S
HTTP SirsiDynix e-Library 'sort_by' Cross Site Scripting Vuln S
HTTP Synaccess netBooter NP-0801DU (Add Admin) CSRF Vuln (From Server) S
HTTP Synaccess netBooter NP-0801DU (Add Admin) CSRF Vuln (To Server) S
HTTP TeamCity Agent - XML-RPC Command Execution (Metasploit) S
HTTP ThinkPHP 5.0.235.1.31 - Remote Code Execution S
HTTP ThinkPHP 5.X - Remote Command Execution S
HTTP Ticketly (Add Admin) CSRF Vuln (From Server) S
HTTP Ticketly (Add Admin) CSRF Vuln (To Server) S
HTTP TP-Link wireless router Archer C1200 - Cross-Site Scripting S
HTTP VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionaryput_Item' Use-After-Free S
HTTP VBScript - 'rtFilter' Out-of-Bounds Read S
HTTP Voovi Social Networking Script 'user' SQL Injection Vuln S
HTTP WebKit JIT - Int32Double Arrays can have Proxy Objects in the Prototype Chains S
HTTP WebKit JSC - 'AbstractValueset' Use-After-Free S
HTTP WebKit JSC - 'JSArrayshiftCountWithArrayStorage' Out-of-Bounds ReadWrite S
HTTP Webmin 1.900 - Remote Command Execution (Metasploit) S
HTTP WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection S
HTTP WSTMart 'consultContent' Cross Site Scripting Vuln S
HTTP WSTMart (Add Admin) CSRF Vuln (From Server) S
HTTP WSTMart (Add Admin) CSRF Vuln (To Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User) (From Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User) (To Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User) (From Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User) (To Server) S
HTTP Yeswiki Cercopitheque 'id' SQL Injection Vuln S
HTTP Yot CMS 'aid' SQL Injection Vuln S
HTTP Yot CMS 'cid' SQL Injection Vuln S
HTTP ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) (From Server) S
HTTP ZTE ZXHN H168N - Unauthenticated WLAN Passphrase Improper Access Restrictions S
HTTP ZTE ZXHN H168N - Unauthenticated WLAN Password Improper Access Restrictions S
Malware GET Request Associated with GandCrab ransomware (www.2mmotorsport.biz) S
Malware GET Request Associated with GandCrab ransomware (www.bizziniinfissi.com) S
Malware GET Request Associated with GandCrab ransomware (www.fliptray.biz) S
Malware GET Request Associated with GandCrab ransomware (www.haargenau.biz) S
Malware GET Request Generated By Love Me Malspam (92.63.197.48) S
Malware GET Request Generated By Love Me Malspam (osheoufhusheoghuesd.ru) S
Malware GET Request Generated By Love Me Malspam (slpsrgpsrhojifdij.ru) Attempt S
Malware GET Request Generated By Love Me Malspam (slpsrgpsrhojifdij.ru) S
Malware GET Request Generated By Love Me Malspam (suieiusiueiuiuushgf.ru) S
Malware HTTPS Request Associated with GandCrab ransomware (138.201.162.99) S
Malware HTTPS Request Associated with GandCrab ransomware (78.46.77.98) S
Malware POST Request Associated with GandCrab ransomware (www.bizziniinfissi.com) S
Malware POST Request Associated with GandCrab ransomware (www.haargenau.biz) S
Malware POST Request Associated with GandCrab ransomware (www.holzbock.biz) S
Netatalk - Bypass Authentication S
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC) S
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC) S
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC) S
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC) S