Search

Traffic File Update - January 2019

This Traffic IQ Professional update for January 2019 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for January 2019

176 Application Exploits

CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt S
Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (MSF) S
Erlang - Port Mapper Daemon Cookie RCE (Metasploit) S
HTP Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload 'GET' Exploit S
HTP Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload 'POST' Exploit S
HTTP ABC ERP (Update Admin) CSRF Vuln (From Server) S
HTTP ABC ERP (Update Admin) CSRF Vuln (To Server) S
HTTP Adapt Inventory Management System 'invoice.php' SQL Injection Vuln S
HTTP Adapt Inventory Management System 'login.php' SQL Injection Vuln S
HTTP Adianti Framework 'username' SQL Injection Vuln S
HTTP Adicon Server Plugin for WordPress 'addIcon.php' SQL Injection Vuln S
HTTP Adiscon LogAnalyzer 'login.php' Cross Site Scripting Vuln S
HTTP Adobe ColdFusion 2018 - Arbitrary File Upload S
HTTP All In One Video Downloader 'id' SQL Injection Vuln S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_1 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_2 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_3 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_4 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_5 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_6 S
HTTP Alumni Tracer SMS Notification 'index.php' SQL Injection Vuln_7 S
HTTP Alumni Tracer SMS Notification (Add Admin) CSRF Vuln (From Server) S
HTTP Alumni Tracer SMS Notification (Add Admin) CSRF Vuln (To Server) S
HTTP Alumni Tracer SMS Notification (Update Admin) CSRF Vuln (From Server) S
HTTP Alumni Tracer SMS Notification (Update Admin) CSRF Vuln (To Server) S
HTTP Apache Superset 0.23 - Remote Code Execution S
HTTP Aplaya Beach Resort Online Reservation System 'controller.php' CSRF Vuln (From Server) S
HTTP Aplaya Beach Resort Online Reservation System 'controller.php' CSRF Vuln (To Server) S
HTTP Aplaya Beach Resort Online Reservation System 'index.php' SQL Injection Vuln S
HTTP Architectural 'email' SQL Injection Vuln S
HTTP Artica Integria IMS 'search_string' parameter Cross Site Scripting Vuln S
HTTP Artica Integria IMS (User Deletion) CSRF Vuln (From Server) S
HTTP Artica Integria IMS (User Deletion) CSRF Vuln (To Server) S
HTTP Bigcart Ecommerce Multivendor System 'path' SQL Injection Vuln S
HTTP Bludit Pages Editor Arbitrary File Upload Vuln (From Server) S
HTTP Bludit Pages Editor Arbitrary File Upload Vuln (To Server) S
HTTP Bolt CMS 'Title' field Cross Site Scripting Vuln S
HTTP Card Payment (Update Admin) CSRF Vuln (From Server) S
HTTP Card Payment (Update Admin) CSRF Vuln (To Server) S
HTTP Cisco Firepower Management Center 'platformSettingEdit.cgi' Cross Site Scripting Vuln S
HTTP Cisco RV320 and RV325 Routers CVE-2019-1652 Remote Command Injection Vulnerability S
HTTP Cisco RV320 and RV325 Routers CVE-2019-1653 Information Disclosure Vulnerability S
HTTP Cleanto 'export_ajax.php' SQL Injection Vuln S
HTTP Cleanto 'front_ajax.php' SQL Injection Vuln S
HTTP Cleanto 'front_ajax.php' SQL Injection Vuln_1 S
HTTP Cleanto 'front_ajax.php' SQL Injection Vuln_2 S
HTTP Cleanto 'service_method_ajax.php' SQL Injection Vuln S
HTTP CMSsite 'cat_id' SQL Injection Vuln S
HTTP CMSsite 'search' SQL Injection Vuln S
HTTP Coman 'id' SQL Injection Vuln S
HTTP Craft CMS 'title' Cross Site Scripting Vuln S
HTTP Craigs Classified Ads CMS Theme 'profile_detail.php' SQL Injection Vuln S
HTTP Creativeitem Ekushey Project Manager CRM 'address' XSS Vuln (From Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'address' XSS Vuln (To Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'name' XSS Vuln (From Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'name' XSS Vuln (To Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'short_note' XSS Vuln (From Server) S
HTTP Creativeitem Ekushey Project Manager CRM 'short_note' XSS Vuln (To Server) S
HTTP Delta Sql 'docs_manage.php' Arbitrary File Upload Vuln (From Server) S
HTTP Delta Sql 'docs_manage.php' Arbitrary File Upload Vuln (To Server) S
HTTP doitX 'search' SQL Injection Vuln S
HTTP DomainMOD 'DisplayName' Cross Site Scripting Vuln S
HTTP DomainMOD 'HostName' Cross Site Scripting Vuln S
HTTP DomainMod 'registrar-accounts.php' Cross Site Scripting Vuln S
HTTP DomainMod 'registrar-accounts.php' Cross Site Scripting Vuln_1 S
HTTP DomainMod 'registrar-accounts.php' Cross Site Scripting Vuln_2 S
HTTP DomainMOD 'UserName' Cross Site Scripting Vuln S
HTTP eBrigade ERP 'pdf.php' SQL Injection Vuln S
HTTP Facebook And Google Reviews System For Businesses - CSRF (Change Password) (From Server) S
HTTP Facebook And Google Reviews System For Businesses - CSRF (Change Password) (To Server) S
HTTP Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution S
HTTP Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure S
HTTP Frog CMS 'name' Cross Site Scripting Vuln S
HTTP FrontAccounting 'filterType' SQL Injection Vuln S
HTTP GreenCMS 'content' CSRF Vuln (From Server) S
HTTP GreenCMS 'content' CSRF Vuln (To Server) S
HTTP Hashicorp Consul - Create Session S
HTTP Hashicorp Consul - Remote Command Execution via Rexec (Metasploit) S
HTTP Hashicorp Consul - Remote Command Execution via Services API (Metasploit) S
HTTP Hootoo HT-05 - Remote Code Execution (Metasploit) S
HTTP Horde Imp - 'imap_open' Remote Command Execution S
HTTP Hotel Booking Script (Change Admin Password) CSRF Vuln (From Server) S
HTTP Hotel Booking Script (Change Admin Password) CSRF Vuln (To Server) S
HTTP Huawei B315s-22 - 'device config' Information Leak S
HTTP IBM Operational Decision Manager 8.x - 'external file' XML External Entity Injection S
HTTP IBM Operational Decision Manager 8.x - 'port scanner' XML External Entity Injection S
HTTP ImpressCMS 'bid' SQL Injection Vuln S
HTTP Joomla! Component J-BusinessDirectory 'type' SQL Injection Vuln S
HTTP Joomla! Component J-ClassifiedsManager 'adType' SQL Injection Vuln S
HTTP Joomla! Component J-ClassifiedsManager 'categorySearch' SQL Injection Vuln S
HTTP Joomla! Component J-ClassifiedsManager 'citySearch' SQL Injection Vuln S
HTTP Joomla! Component J-CruisePortal SQL Injection Vuln S
HTTP Joomla! Component JHotelReservation 'rooms' SQL Injection Vuln S
HTTP Joomla! Component VMap 'latlngbound' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'categories' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'keysearch' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'max' SQL Injection Vuln S
HTTP Joomla! Component vRestaurant 'min' SQL Injection Vuln S
HTTP Live Call Support Widget 1.5 - Remote Code Execution (From Server) S
HTTP Live Call Support Widget 1.5 - Remote Code Execution (To Server) S
HTTP Live Call Support Widget 1.5 - SQL Injection S
HTTP Microsoft Edge 42.17134.1.0 - 'TreeANodeDocumentLayout' Denial of Service S
HTTP Microsoft Edge Chakra - OP_Memset Type Confusion S
HTTP Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write S
HTTP MiniShare 1.4.1 - 'POST' Remote Buffer Overflow S
HTTP Modern POS 1.3 - Arbitrary File Download S
HTTP Open STA Manager 'file' Directory Traversal Vuln S
HTTP Promotion King Facebook And Google Reviews System For Businesses SQL Injection Vuln S
HTTP Pydio - AjaXplorer 5.0.4 - Arbitrary File Upload S
HTTP Pydio - AjaXplorer 5.0.4 - Read Arbitrary Files S
HTTP Responsive FileManager 9.13.4 - 'create_file' Path Traversal S
HTTP Responsive FileManager 9.13.4 - 'delete_file' Path Traversal S
HTTP Responsive FileManager 9.13.4 - 'delete_folder' Path Traversal S
HTTP Responsive FileManager 9.13.4 - 'get_file' File Read S
HTTP Responsive FileManager 9.13.4 - 'save_img' File Write S
HTTP Safari - Proxy Object Type Confusion (Metasploit) S
HTTP School Attendance Monitoring System 'id' SQL Injection Vuln S
HTTP School Attendance Monitoring System 'id' SQL Injection Vuln_1 S
HTTP School Attendance Monitoring System 'id' SQL Injection Vuln_2 S
HTTP School Attendance Monitoring System 1.0 - CSRF (Update Admin) (From Server) S
HTTP School Attendance Monitoring System 1.0 - CSRF (Update Admin) (To Server) S
HTTP School Event Management System 'id' SQL Injection Vuln S
HTTP School Event Management System 'id' SQL Injection Vuln_1 S
HTTP School Event Management System 'id' SQL Injection Vuln_2 S
HTTP SimplePress CMS 'p' SQL Injection Vuln S
HTTP SimplePress CMS 's' SQL Injection Vuln S
HTTP SirsiDynix e-Library 'sort_by' Cross Site Scripting Vuln S
HTTP Synaccess netBooter NP-0801DU (Add Admin) CSRF Vuln (From Server) S
HTTP Synaccess netBooter NP-0801DU (Add Admin) CSRF Vuln (To Server) S
HTTP TeamCity Agent - XML-RPC Command Execution (Metasploit) S
HTTP ThinkPHP 5.0.235.1.31 - Remote Code Execution S
HTTP ThinkPHP 5.X - Remote Command Execution S
HTTP Ticketly (Add Admin) CSRF Vuln (From Server) S
HTTP Ticketly (Add Admin) CSRF Vuln (To Server) S
HTTP TP-Link wireless router Archer C1200 - Cross-Site Scripting S
HTTP VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionaryput_Item' Use-After-Free S
HTTP VBScript - 'rtFilter' Out-of-Bounds Read S
HTTP Voovi Social Networking Script 'user' SQL Injection Vuln S
HTTP WebKit JIT - Int32Double Arrays can have Proxy Objects in the Prototype Chains S
HTTP WebKit JSC - 'AbstractValueset' Use-After-Free S
HTTP WebKit JSC - 'JSArrayshiftCountWithArrayStorage' Out-of-Bounds ReadWrite S
HTTP Webmin 1.900 - Remote Command Execution (Metasploit) S
HTTP WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection S
HTTP WSTMart 'consultContent' Cross Site Scripting Vuln S
HTTP WSTMart (Add Admin) CSRF Vuln (From Server) S
HTTP WSTMart (Add Admin) CSRF Vuln (To Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User) (From Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User) (To Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User) (From Server) S
HTTP WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User) (To Server) S
HTTP Yeswiki Cercopitheque 'id' SQL Injection Vuln S
HTTP Yot CMS 'aid' SQL Injection Vuln S
HTTP Yot CMS 'cid' SQL Injection Vuln S
HTTP ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) (From Server) S
HTTP ZTE ZXHN H168N - Unauthenticated WLAN Passphrase Improper Access Restrictions S
HTTP ZTE ZXHN H168N - Unauthenticated WLAN Password Improper Access Restrictions S
Malware GET Request Associated with GandCrab ransomware (www.2mmotorsport.biz) S
Malware GET Request Associated with GandCrab ransomware (www.bizziniinfissi.com) S
Malware GET Request Associated with GandCrab ransomware (www.fliptray.biz) S
Malware GET Request Associated with GandCrab ransomware (www.haargenau.biz) S
Malware GET Request Generated By Love Me Malspam (92.63.197.48) S
Malware GET Request Generated By Love Me Malspam (osheoufhusheoghuesd.ru) S
Malware GET Request Generated By Love Me Malspam (slpsrgpsrhojifdij.ru) Attempt S
Malware GET Request Generated By Love Me Malspam (slpsrgpsrhojifdij.ru) S
Malware GET Request Generated By Love Me Malspam (suieiusiueiuiuushgf.ru) S
Malware HTTPS Request Associated with GandCrab ransomware (138.201.162.99) S
Malware HTTPS Request Associated with GandCrab ransomware (78.46.77.98) S
Malware POST Request Associated with GandCrab ransomware (www.bizziniinfissi.com) S
Malware POST Request Associated with GandCrab ransomware (www.haargenau.biz) S
Malware POST Request Associated with GandCrab ransomware (www.holzbock.biz) S
Netatalk - Bypass Authentication S
NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC) S
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC) S
NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC) S
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.