Traffic IQ Professional
Traffic File Update for December 2019
102 Application Exploits
FreeSWITCH 1.10.1 Command Execution S
FTP Schneider Electric Modicon M580 FTP firmware update loader DoS S
HTTP Ajenti 2.1.31 Command Injection MSF S
HTTP Apache Olingo OData 4.6.x XML Injection S
HTTP Apache Solr 8.2.0 Remote Code Execution S
HTTP AVE DOMINAplus 'Password' CSRF Vuln (From Server) S
HTTP AVE DOMINAplus 'User' CSRF Vuln (From Server) S
HTTP AVE DOMINAplus 'User' CSRF Vuln (To Server) S
HTTP AVE DOMINAplus 1.10.x Authentication Bypass S
HTTP AVE DOMINAplus 1.10.x Credential Disclosure S
HTTP AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot S
HTTP Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution S
HTTP Carlo Gavazzi Smarthouse 'command.php' CSRF Vuln (From Server) S
HTTP Carlo Gavazzi Smarthouse 'command.php' CSRF Vuln (To Server) S
HTTP Carlo Gavazzi SmartHouse 'messagepage.php' Cross-Site Scripting Vuln S
HTTP Carlo Gavazzi SmartHouse 'name' Cross-Site Scripting Vuln S
HTTP Carlo Gavazzi Smarthouse 'refresh.php' CSRF Vuln (From Server) S
HTTP Carlo Gavazzi Smarthouse 'refresh.php' CSRF Vuln (To Server) S
HTTP Carlo Gavazzi Smarthouse 'set temperature' CSRF Vuln (From Server) S
HTTP Carlo Gavazzi Smarthouse 'set temperature' CSRF Vuln (To Server) S
HTTP Cera Intranet Community Theme '_wpnonce-groups' SQL Injection Vuln S
HTTP Cisco WLC 2504 8.9 Denial Of Service S
HTTP Computrols CBAS-Web 19.0.0 'logout' Auth Bypass S
HTTP Computrols CBAS-Web 19.0.0 Command Injection S
HTTP D-Link DIR-615 - Privilege Escalation S
HTTP DAViCal CalDAV Server 'New Admin User' CSRF Vuln (From Server) S
HTTP DAViCal CalDAV Server 'New Admin User' CSRF Vuln (To Server) S
HTTP DAViCal CalDAV Server 't' Cross-Site Scripting Vuln S
HTTP Dokuwiki 2018-04-22b Username Enumeration S
HTTP Forma LMS 2.2.1 ajax.server.php - 'filter_cat' SQL Injection S
HTTP Forma LMS 2.2.1 ajax.server.php - 'filter_status' SQL Injection S
HTTP Forma LMS 2.2.1 index.php - 'users' SQL Injection S
HTTP FreeSWITCH - Event Socket Command Execution (Metasploit) S
HTTP Fronius Solar Inverter Series Backdoor Account Disclosure S
HTTP Fronius Solar Inverter Series Path Traversal S
HTTP Hazir Pro-7070 'Password' SQL Injection Vuln S
HTTP Hazir Pro-7070 'Username' SQL Injection Vuln S
HTTP Heatmiser Netmonitor 3.03 Hardcoded Credentials S
HTTP HomeAutomation 'Comment' CSRF Vuln (From Server) S
HTTP HomeAutomation 'Comment' CSRF Vuln (To Server) S
HTTP HomeAutomation 'msg' Cross-Site Scripting Vuln S
HTTP HomeAutomation 3.3.2 Authentication Bypass S
HTTP HomeAutomation 3.3.2 Cross Site Request Forgery (From Server) S
HTTP HomeAutomation 3.3.2 Cross Site Request Forgery (To Server) S
HTTP HomeAutomation 3.3.2 CSRF Code Execution S
HTTP HomeAutomation 3.3.2 Open Redirect S
HTTP Inim Electronics SmartLiving SmartLANGSI 6.x Remote Root S
HTTP Inim Electronics Smartliving SmartLANGSI 6.x SSRF S
HTTP Intelbras Router RF1200 'Add Admin' CSRF Vuln (From Server) S
HTTP Intelbras Router RF1200 'Add Admin' CSRF Vuln (To Server) S
HTTP Joomla MediaLibrary 'Itemid' SQL Injection Vuln S
HTTP Mersive Solstice 2.8.0 Remote Code Execution S
HTTP Microsoft Internet Explorer Use-After-Free S
HTTP MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure S
HTTP NopCommerce 4.2.0 'CREATEDIR' Privilege Escalation S
HTTP NopCommerce 4.2.0 'RENAMEDIR' Privilege Escalation S
HTTP NopCommerce 4.2.0 Shell Upload S
HTTP nostromo 1.9.6 Remote Code Execution S
HTTP Online Clinic Management System 2.2 HTML Injection S
HTTP Online Invoicing System 'description' Cross-Site Scripting Vuln S
HTTP Oracle Siebel Sales 'start.swe' Cross-Site Scripting Vuln S
HTTP OwnCloud 8.1.8 Username Disclosure S
HTTP phpMyChat-Plus 'pass_reset.php' Cross-Site Scripting Vuln S
HTTP Roxy Fileman 1.4.5 For .NET Directory Traversal S
HTTP SALTO ProAccess SPACE 5.5 - 'backup.db' Information Disclosure S
HTTP SALTO ProAccess SPACE 5.5 - 'DirectoryExists' Information Disclosure S
HTTP SALTO ProAccess SPACE 5.5 - 'GetLicense' Information Disclosure S
HTTP SiteVision 4.x 5.x Insufficient Module Access Control S
HTTP SiteVision 4.x 5.x Remote Code Execution S
HTTP Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting S
HTTP SSDWLAB 6.1 Authentication Bypass S
HTTP Tautulli 2.1.9 - 'restart' Cross Site Request Forgery S
HTTP Tautulli 2.1.9 - 'shutdown' Cross Site Request Forgery S
HTTP Tautulli 2.1.9 - 'update_check' Cross Site Request Forgery S
HTTP TemaTres 'value' Cross-Site Scripting Vuln S
HTTP Tenda AC9 WanParameterSetting - 'dns1' Command Injection S
HTTP Tenda AC9 WanParameterSetting - 'dns2' Command Injection S
HTTP thesystem App 1.0 Cross Site Scripting S
HTTP vBulletin 5.5.4 Remote Command Execution S
HTTP WEMS BEMS 21.3.1 Undocumented Backdoor Account S
HTTP Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery (From Server) S
HTTP Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery (To Server) S
HTTP WordPress 5.3 Username Enumeration S
HTTP WordPress CSS Hero 'rand' Cross-Site Scripting Vuln S
HTTP WordPress Plainview Activity Monitor 20161228 Remote Command Execution S
HTTP Xerox AltaLink C8035 Printer Cross Site Request Forgery (From Server) S
HTTP Xerox AltaLink C8035 Printer Cross Site Request Forgery (To Server) S
HTTP Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection S
HTTP Yachtcontrol 2019-10-06 Remote Code Execution S
HTTP YouPHPTube 'LiveChatObj.php' SQL Injection Vuln S
HTTP YouPHPTube campaignsVideos.json.php - 'id' SQL Injection S
HTTP YouPHPTube commentAddNew.json.php - 'comments_id' SQL Injection S
HTTP YouPHPTube pluginSwitch.json.php - 'dir' SQL Injection S
HTTP YouPHPTube pluginSwitch.json.php - 'name' SQL Injection S
HTTP YouPHPTube pluginSwitch.json.php - 'uuid' SQL Injection S
HTTP YouPHPTube subscribe.json.php - 'user_id' SQL Injection S
HTTP YouPHPTube subscribeNotify.json.php - 'user_id' SQL Injection S
HTTP YouPHPTube videoAddNew.json.php - 'categories_id' SQL Injection S
Malware GET Request Associated with Ursnif Malware 'jyomacktom.top' S
Malware GET Request Associated with Ursnif Malware 'nxbpierrecjf.com' S
Malware GET Request Associated with Ursnif Malware 'ragenommad.com' S
Malware GET Request Associated with Ursnif Malware 'spt71igina.com' S