Traffic File Update - December 2019

This Traffic IQ Professional update for December 2019 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for December 2019

102 Application Exploits

FreeSWITCH 1.10.1 Command Execution S
FTP Schneider Electric Modicon M580 FTP firmware update loader DoS S
HTTP Ajenti 2.1.31 Command Injection MSF S
HTTP Apache Olingo OData 4.6.x XML Injection S
HTTP Apache Solr 8.2.0 Remote Code Execution S
HTTP AVE DOMINAplus 'Password' CSRF Vuln (From Server) S
HTTP AVE DOMINAplus 'User' CSRF Vuln (From Server) S
HTTP AVE DOMINAplus 'User' CSRF Vuln (To Server) S
HTTP AVE DOMINAplus 1.10.x Authentication Bypass S
HTTP AVE DOMINAplus 1.10.x Credential Disclosure S
HTTP AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot S
HTTP Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution S
HTTP Carlo Gavazzi Smarthouse 'command.php' CSRF Vuln (From Server) S
HTTP Carlo Gavazzi Smarthouse 'command.php' CSRF Vuln (To Server) S
HTTP Carlo Gavazzi SmartHouse 'messagepage.php' Cross-Site Scripting Vuln S
HTTP Carlo Gavazzi SmartHouse 'name' Cross-Site Scripting Vuln S
HTTP Carlo Gavazzi Smarthouse 'refresh.php' CSRF Vuln (From Server) S
HTTP Carlo Gavazzi Smarthouse 'refresh.php' CSRF Vuln (To Server) S
HTTP Carlo Gavazzi Smarthouse 'set temperature' CSRF Vuln (From Server) S
HTTP Carlo Gavazzi Smarthouse 'set temperature' CSRF Vuln (To Server) S
HTTP Cera Intranet Community Theme '_wpnonce-groups' SQL Injection Vuln S
HTTP Cisco WLC 2504 8.9 Denial Of Service S
HTTP Computrols CBAS-Web 19.0.0 'logout' Auth Bypass S
HTTP Computrols CBAS-Web 19.0.0 Command Injection S
HTTP D-Link DIR-615 - Privilege Escalation S
HTTP DAViCal CalDAV Server 'New Admin User' CSRF Vuln (From Server) S
HTTP DAViCal CalDAV Server 'New Admin User' CSRF Vuln (To Server) S
HTTP DAViCal CalDAV Server 't' Cross-Site Scripting Vuln S
HTTP Dokuwiki 2018-04-22b Username Enumeration S
HTTP Forma LMS 2.2.1 ajax.server.php - 'filter_cat' SQL Injection S
HTTP Forma LMS 2.2.1 ajax.server.php - 'filter_status' SQL Injection S
HTTP Forma LMS 2.2.1 index.php - 'users' SQL Injection S
HTTP FreeSWITCH - Event Socket Command Execution (Metasploit) S
HTTP Fronius Solar Inverter Series Backdoor Account Disclosure S
HTTP Fronius Solar Inverter Series Path Traversal S
HTTP Hazir Pro-7070 'Password' SQL Injection Vuln S
HTTP Hazir Pro-7070 'Username' SQL Injection Vuln S
HTTP Heatmiser Netmonitor 3.03 Hardcoded Credentials S
HTTP HomeAutomation 'Comment' CSRF Vuln (From Server) S
HTTP HomeAutomation 'Comment' CSRF Vuln (To Server) S
HTTP HomeAutomation 'msg' Cross-Site Scripting Vuln S
HTTP HomeAutomation 3.3.2 Authentication Bypass S
HTTP HomeAutomation 3.3.2 Cross Site Request Forgery (From Server) S
HTTP HomeAutomation 3.3.2 Cross Site Request Forgery (To Server) S
HTTP HomeAutomation 3.3.2 CSRF Code Execution S
HTTP HomeAutomation 3.3.2 Open Redirect S
HTTP Inim Electronics SmartLiving SmartLANGSI 6.x Remote Root S
HTTP Inim Electronics Smartliving SmartLANGSI 6.x SSRF S
HTTP Intelbras Router RF1200 'Add Admin' CSRF Vuln (From Server) S
HTTP Intelbras Router RF1200 'Add Admin' CSRF Vuln (To Server) S
HTTP Joomla MediaLibrary 'Itemid' SQL Injection Vuln S
HTTP Mersive Solstice 2.8.0 Remote Code Execution S
HTTP Microsoft Internet Explorer Use-After-Free S
HTTP MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure S
HTTP NopCommerce 4.2.0 'CREATEDIR' Privilege Escalation S
HTTP NopCommerce 4.2.0 'RENAMEDIR' Privilege Escalation S
HTTP NopCommerce 4.2.0 Shell Upload S
HTTP nostromo 1.9.6 Remote Code Execution S
HTTP Online Clinic Management System 2.2 HTML Injection S
HTTP Online Invoicing System 'description' Cross-Site Scripting Vuln S
HTTP Oracle Siebel Sales 'start.swe' Cross-Site Scripting Vuln S
HTTP OwnCloud 8.1.8 Username Disclosure S
HTTP phpMyChat-Plus 'pass_reset.php' Cross-Site Scripting Vuln S
HTTP Roxy Fileman 1.4.5 For .NET Directory Traversal S
HTTP SALTO ProAccess SPACE 5.5 - 'backup.db' Information Disclosure S
HTTP SALTO ProAccess SPACE 5.5 - 'DirectoryExists' Information Disclosure S
HTTP SALTO ProAccess SPACE 5.5 - 'GetLicense' Information Disclosure S
HTTP SiteVision 4.x 5.x Insufficient Module Access Control S
HTTP SiteVision 4.x 5.x Remote Code Execution S
HTTP Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting S
HTTP SSDWLAB 6.1 Authentication Bypass S
HTTP Tautulli 2.1.9 - 'restart' Cross Site Request Forgery S
HTTP Tautulli 2.1.9 - 'shutdown' Cross Site Request Forgery S
HTTP Tautulli 2.1.9 - 'update_check' Cross Site Request Forgery S
HTTP TemaTres 'value' Cross-Site Scripting Vuln S
HTTP Tenda AC9 WanParameterSetting - 'dns1' Command Injection S
HTTP Tenda AC9 WanParameterSetting - 'dns2' Command Injection S
HTTP thesystem App 1.0 Cross Site Scripting S
HTTP vBulletin 5.5.4 Remote Command Execution S
HTTP WEMS BEMS 21.3.1 Undocumented Backdoor Account S
HTTP Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery (From Server) S
HTTP Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery (To Server) S
HTTP WordPress 5.3 Username Enumeration S
HTTP WordPress CSS Hero 'rand' Cross-Site Scripting Vuln S
HTTP WordPress Plainview Activity Monitor 20161228 Remote Command Execution S
HTTP Xerox AltaLink C8035 Printer Cross Site Request Forgery (From Server) S
HTTP Xerox AltaLink C8035 Printer Cross Site Request Forgery (To Server) S
HTTP Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection S
HTTP Yachtcontrol 2019-10-06 Remote Code Execution S
HTTP YouPHPTube 'LiveChatObj.php' SQL Injection Vuln S
HTTP YouPHPTube campaignsVideos.json.php - 'id' SQL Injection S
HTTP YouPHPTube commentAddNew.json.php - 'comments_id' SQL Injection S
HTTP YouPHPTube pluginSwitch.json.php - 'dir' SQL Injection S
HTTP YouPHPTube pluginSwitch.json.php - 'name' SQL Injection S
HTTP YouPHPTube pluginSwitch.json.php - 'uuid' SQL Injection S
HTTP YouPHPTube subscribe.json.php - 'user_id' SQL Injection S
HTTP YouPHPTube subscribeNotify.json.php - 'user_id' SQL Injection S
HTTP YouPHPTube videoAddNew.json.php - 'categories_id' SQL Injection S
Malware GET Request Associated with Ursnif Malware 'jyomacktom.top' S
Malware GET Request Associated with Ursnif Malware 'nxbpierrecjf.com' S
Malware GET Request Associated with Ursnif Malware 'ragenommad.com' S
Malware GET Request Associated with Ursnif Malware 'spt71igina.com' S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
