Search

Traffic File Update - March 2019

This Traffic IQ Professional update for March 2019 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for March 2019

187 Application Exploits

FTP FTPGetter Standard 5.97.0.177 - Remote Code Execution S
HTTP 1C-Bitrix Site Management Russia 2.0 - 'redirect.php' Open Redirection S
HTTP 1C-Bitrix Site Management Russia 2.0 - 'rk.php' Open Redirection S
HTTP Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit) S
HTTP Alberghi Extension for Joomla 'index.php' SQL Injection Vuln S
HTTP Alberghi Extension for Joomla 'index.php' SQL Injection Vuln_1 S
HTTP Alberghi Extension for Joomla 'index.php' SQL Injection Vuln_2 S
HTTP Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow S
HTTP Apache Tika-server 1.18 - Command Injection S
HTTP Ask Expert Script 'cateid' Cross Site Scripting Vuln S
HTTP Ask Expert Script 'view' SQL Injection Vuln S
HTTP AsureForce Time 12.0 Open Redirection S
HTTP BEWARD N100 H.264 VGA IP Camera M2.1.6 - 'ServerName' Remote Code Execution S
HTTP BEWARD N100 H.264 VGA IP Camera M2.1.6 - 'TimeZone' Remote Code Execution S
HTTP Bolt CMS source code editing Cross Site Scripting Vuln S
HTTP Booked Scheduler 2.7.5 Remote Command Execution S
HTTP Booking Calendar For Joomla 'index.php' SQL Injection Vuln S
HTTP C4G Basic Laboratory Information System (BLIS) 'site' SQL Injection Vuln S
HTTP ChangUonDyU Chatbox plugin for vBulletin 'page' Cross Site Scripting Vuln S
HTTP CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload S
HTTP CMSsite 'post' SQL Injection Vuln S
HTTP Comodo Dome Firewall 'custom_dns' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'custom_domain' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'DNSMASQ_BLACKLIST' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'DNSMASQ_WHITELIST' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'DST_NOCACHE' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'EXCEPTIONSITELIST' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'explicitroutes' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'GLOBAL_DNS' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'GLOBAL_NETWORKS' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'remotenets' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'static_ip' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'TRANSPARENT_DESTINATION_BYPASS' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'TRANSPARENT_SOURCE_BYPASS' Cross Site Scripting Vuln S
HTTP Comodo Dome Firewall 'username' Cross Site Scripting Vuln_1 S
HTTP Comodo Dome Firewall 'username' Cross Site Scripting Vuln_2 S
HTTP Comodo Dome Firewall 'VIRUS_ADMIN' Cross Site Scripting Vuln S
HTTP Content Extension for Joomla 'index.php' SQL Injection Vuln S
HTTP Content Extension for Joomla 'index.php' SQL Injection Vuln_1 S
HTTP Content Extension for Joomla 'index.php' SQL Injection Vuln_2 S
HTTP Content Extension for Joomla 'index.php' SQL Injection Vuln_3 S
HTTP Content Extension for Joomla 'index.php' SQL Injection Vuln_4 S
HTTP Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset (From Server) S
HTTP Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset (To Server) S
HTTP devolo dLAN 550 duo+ Starter Kit - 'Reboot' Remote Code Execution S
HTTP devolo dLAN 550 duo+ Starter Kit - 'shell' Remote Code Execution S
HTTP devolo dLAN 550 duo+ Starter Kit - 'telnet' Remote Code Execution S
HTTP DomainMOD 'category.php' Cross Site Scripting Vuln S
HTTP DomainMOD 'category.php' Cross Site Scripting Vuln_1 S
HTTP DomainMod 'dns.php' Cross-Site Scripting Vuln S
HTTP DomainMod 'dns.php' Cross-Site Scripting Vuln_1 S
HTTP DomainMod 'host.php' Cross Site Scripting Vuln S
HTTP DomainMod 'host.php' Cross Site Scripting Vuln_1 S
HTTP DomainMOD 'ssl-provider-account.php' Cross Site Scripting Vuln S
HTTP DomainMOD 'ssl-provider.php' Cross Site Scripting Vuln S
HTTP DomainMOD 'ssl-provider.php' Cross Site Scripting Vuln_1 S
HTTP Drupal Pubdlcnt 7.x-1.2 Open Redirection S
HTTP eDirectory 'location.php' SQL Injection Vuln S
HTTP eDirectory 'login.php' SQL Injection Vuln S
HTTP elFinder 2.1.47 Command Injection S
HTTP Evince - CBT File Command Injection (Metasploit) S
HTTP Exponent CMS 2.4.1 SQL Injection S
HTTP Feng Office 3.7.0.5 Remote Command Execution S
HTTP Fiberhome AN5506-04-F 'account_user' Cross Site Scripting Vuln S
HTTP Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution S
HTTP Furniture Virtuemart Joomla template 'index.php' SQL Injection Vuln S
HTTP Furniture Virtuemart Joomla template 'index.php' SQL Injection Vuln_1 S
HTTP Furniture Virtuemart Joomla template 'index.php' SQL Injection Vuln_2 S
HTTP Geommunity extension for Joomla 'index.php' SQL Injection Vuln S
HTTP Going1up The Newspaper CMS 1998-2019 1.x Open Redirection S
HTTP HanYazilim Paper Submission System .NET 1.0 - Admin Panel Access S
HTTP HotelDruid 'anno' Cross Site Scripting Vuln S
HTTP HotelDruid 'cambia1' Cross Site Scripting Vuln S
HTTP HotelDruid 'mese_fine' Cross Site Scripting Vuln S
HTTP HotelDruid 'nsextt' Cross Site Scripting Vuln S
HTTP HotelDruid 'origine' Cross Site Scripting Vuln S
HTTP HotelDruid 'origine' Cross Site Scripting Vuln_1 S
HTTP Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) S
HTTP J2Store Extension for Joomla 'index.php' SQL Injection Vuln S
HTTP Jenkins 2.150.2 - Remote Command Execution (Metasploit) S
HTTP Jenkins Script Security 1.49 Declarative 1.3.4 Groovy 2.60 Remote Code Execution S
HTTP JM Car Classifieds CarAgent Joomla Templates 'index.php' SQL Injection Vuln S
HTTP JM Car Classifieds CarAgent Joomla Templates 'index.php' SQL Injection Vuln_1 S
HTTP JM Car Classifieds CarAgent Joomla Templates 'index.php' SQL Injection Vuln_2 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_1 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_2 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_3 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_4 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_5 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_6 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_7 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_8 S
HTTP Joomla AdsManager 'index.php' SQL Injection Vuln_9 S
HTTP Joomla ChronoForms 'index.php' SQL Injection Vuln S
HTTP Joomla ChronoForms 'index.php' SQL Injection Vuln_1 S
HTTP Joomla ChronoForms 'index.php' SQL Injection Vuln_2 S
HTTP Joomla ChronoForms 'index.php' SQL Injection Vuln_3 S
HTTP Joomla Contact Enhanced 'index.php' SQL Injection Vuln S
HTTP Joomla FlexiContent 'index.php' SQL Injection Vuln S
HTTP Joomla FlexiContent 'index.php' SQL Injection Vuln_1 S
HTTP Joomla ModPPCSimpleSpotLight 1.2 3.0 CSRF Shell Upload (From Server) S
HTTP Joomla ModPPCSimpleSpotLight 1.2 3.0 CSRF Shell Upload (To Server) S
HTTP Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download S
HTTP Kanboard 1.2.7 - Information Disclosure S
HTTP Kanboard 1.2.7 Cross Site Request Forgery - Add Admin (From Server) S
HTTP Kanboard 1.2.7 Cross Site Request Forgery - Add Admin (To Server) S
HTTP Kanboard 1.2.7 Cross Site Request Forgery - Deactivate 2FA (From Server) S
HTTP Kanboard 1.2.7 Cross Site Request Forgery - Deactivate 2FA (To Server) S
HTTP Liferay CE Portal 7.1.2 ga3 - Remote Command Execution (Metasploit) S
HTTP Master IP CAM 01 3.3.4.2103 - 'bconf.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'ddns_start.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'getddnsattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'getinetattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'getnettype.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'getupnp.cgi' Remote Command Execution S
HTTP Matukio Events extension for Joomla 'index.php' SQL Injection Vuln S
HTTP McAfee ePO 5.9.1 - Registered Executable Local Access Bypass S
HTTP MeteoTemplate 17.1 Nectarine Deviations Open Redirection S
HTTP MeteoTemplate 17.1 Nectarine stationExtremes 2.0 Open Redirection S
HTTP MeteoTemplate 17.1 Nectarine windDirection 2.2 Open Redirection S
HTTP Micro Focus Filr 3.4.0.217 Information Disclosure S
HTTP Micro Focus Filr 3.4.0.217 Path Traversal S
HTTP MMonit 3.7.2 - Privilege Escalation S
HTTP Modern Guestbook extension for TYPO3 'blog-einzelansicht.html' SQL Injection Vuln S
HTTP Modern Guestbook extension for TYPO3 'blog-single-view.html' SQL Injection Vuln S
HTTP Moodle 3.4.1 - Remote Code Execution S
HTTP OpenKM 6.3.2 - 6.3.7 - Remote Command Execution (Metasploit) S
HTTP OpenMRS Platform 2.24.0 - Insecure Object Deserialization S
HTTP OpenText Documentum Webtop 5.3 SP2 Open Redirect S
HTTP PDF Signer 3.0 - Server-Side Template Injection leading to RCE via CSRF Cookie S
HTTP Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution S
HTTP Pegasus CMS 1.0 - 'test.cgi' Directory Traversal S
HTTP PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vuln S
HTTP PRTG Network Monitor ' loginurl' Cross Site Scripting Vuln S
HTTP PRTG Network Monitor 'errormsg' Cross Site Scripting Vuln S
HTTP PRTG Network Monitor 'searchtext' Cross Site Scripting Vuln S
HTTP QNAP TS-431 QTS - 4.2.2 - Remote Command Execution (Metasploit) S
HTTP Quest NetVault Backup Server Code Execution SQL Injection S
HTTP Raisecom Technology GPON-ONU HT803G-07 Command Injection S
HTTP Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 Remote Code Execution S
HTTP RavenDB 'database' Cross Site Scripting Vuln S
HTTP RavenDB 'database' Cross Site Scripting Vuln_1 S
HTTP RavenDB 'id' Cross Site Scripting Vuln S
HTTP RD e-Tickets extension for Joomla 'index.php' SQL Injection Vuln S
HTTP SAP J2EE Engine Fiori 'test2' URI Cross Site Scripting Vuln S
HTTP SAP J2EE Engine Fiori Protocol Cross Site Scripting Vuln S
HTTP SAP J2EE Engine Portal EPP Protocol Cross Site Scripting Vuln S
HTTP Simple Online Hotel Reservation System 'room_id' SQL Injection Vuln S
HTTP SMF 2.0.15 SMF4Mobile 1.1.5 1.2 Open Redirection S
HTTP SpiderCalendar extension for Joomla 'index.php' SQL Injection Vuln S
HTTP SpiderCalendar extension for Joomla 'index.php' SQL Injection Vuln_1 S
HTTP SpiderCalendar extension for Joomla 'index.php' SQL Injection Vuln_2 S
HTTP SpiderCalendar extension for Joomla 'index.php' SQL Injection Vuln_3 S
HTTP SureMDM 2018-11 Patch - Local Remote File Inclusion S
HTTP Themerig Find a Place CMS Directory 'id' SQL Injection Vuln S
HTTP UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload S
HTTP Usermin 1.750 Remote Command Execution S
HTTP VA MAX 8.3.4 - (Authenticated) Remote Code Execution S
HTTP vBulletin 3.8.4 Zoints SEO 2.3.2 - 'redirector.php' Open Redirection S
HTTP vBulletin 4.2.5 vBSEO 3.6.1 Open Redirection S
HTTP Vembu StoreGrid 'onlineregsuccess.php' Cross Site Scripting Vuln S
HTTP Vembu StoreGrid 'onlineregsuccess.php' Cross Site Scripting Vuln_1 S
HTTP VertrigoServ 'extensions.php' Cross Site Scripting Vuln S
HTTP Village theme for WordPress 'index.php' SQL Injection Vuln S
HTTP Web Wiz Forums 12.01 'wwForum-backup.mdb' Database Disclosure S
HTTP Web Wiz Forums 12.01 'wwForum.mdb' Database Disclosure S
HTTP WebKit JSC reifyStaticProperty Attribute Flag Issue S
HTTP WordPress Cerber 8.0 'register.php' Bypass S
HTTP WordPress Cerber 8.0 'wp-login.php' Bypass S
HTTP WordPress Cerber 8.0 'wp-signup.php' Bypass S
HTTP WordPress Cerber 8.0 Admin Scripts Bypass S
HTTP WordPress Cerber 8.0 Secret Slug Information Disclosure S
HTTP WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion S
HTTP WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Bypass S
HTTP WordPress WP-DreamworkGallery 2.3 'album_img' CSRF (From Server) S
HTTP WordPress WP-DreamworkGallery 2.3 'album_img' CSRF (To Server) S
HTTP WordPress WP-DreamworkGallery 2.3 'upload.php' Shell Upload S
HTTP XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection S
HTTP Xoops 1.0.2 PD-Links 1.0 Database Disclosure S
HTTP Zarr Software Warwickshire 1.x Open Redirection S
HTTP Zentyal Server 'cn' Cross Site Scripting Vuln S
HTTP Zentyal Server 'smarthost' Cross Site Scripting Vuln S
Malware DNS Request for domain associated with Formjacking (google-analytisc.com) S
Malware HTTPS Request for domain associated with Formjacking (google-analytisc) S
ScreenStream 3.0.15 - Denial of Service S
SMTP Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.