Traffic File Update - May 2019

This Traffic IQ Professional update for May 2019 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for May 2019

182 Application Exploits

FTP Freefloat FTP Server 1.0 SIZE Buffer Overflow S
FTP Freefloat FTP Server 1.0 STOR Buffer Overflow S
HTTP Agent Tesla Botnet - 'keystrokes' Information Disclosure S
HTTP Agent Tesla Botnet - 'password' Information Disclosure S
HTTP AIS Logistics ESEL-Server SQL Injection Code Execution S
HTTP Atlassian Confluence Widget Connector Macro Velocity Template Injection S
HTTP AUO Solar Data Recorder 'addr' Cross-Site Scripting Vuln S
HTTP BarcoAWIND OEM Presentation Platform Unauthenticated Remote Command Injection S
HTTP BigTree 4.3.4 CMS - 'page' SQL Injection S
HTTP BigTree 4.3.4 CMS - 'parent' SQL Injection S
HTTP Blue Angel Software Suite Command Execution S
HTTP Carel pCOWeb Credential Disclosure S
HTTP Carel pCOWeb Cross Site Scripting S
HTTP CCSP 7.2.5 API XML Injection Server-Side Request Forgery S
HTTP ChurchCRM Software 3.3.2 Database Disclosure S
HTTP Cisco Expressway Gateway 11.5.1 Directory Traversal S
HTTP CyberArk Enterprise Password Vault 10.7 XML External Entity Injection S
HTTP D-Link DWL-2600AP Authenticated OS Command Injection S
HTTP D-Link DWL-2600AP Save Configuration Command Injection S
HTTP D-Link DWL-2600AP Upgrade Firmware Command Injection S
HTTP Deltek Maconomy 2.2.5 Local File Inclusion S
HTTP DirectAdmin 1.561 CMD_SHOW_RESELLER XSS S
HTTP DirectAdmin 1.561 CMD_SHOW_USERS XSS S
HTTP DirectAdmin 1.561 Create FTP Account S
HTTP DirectAdmin 1.561 Remote Command Execution by Cron Jobs S
HTTP dotCMS 5.1.1 HTML Injection S
HTTP Easy Chat Server 3.1 Denial Of Service S
HTTP Firefly CMS 1.0 Remote Command Execution S
HTTP Freelance Cockpit CRM 'start' SQL Injection Vuln S
HTTP GAT-Ship Web Module 1.30 Information Disclosure S
HTTP Gemalto DS3 Authentication Server Ezio Server File Disclosure S
HTTP GetSimpleCMS 3.3.15 Remote Code Execution S
HTTP Google Chrome 73.0.3683.103 V8 JavaScript Engine Denial Of Service S
HTTP Inout RealEstate - 'city' SQL Injection S
HTTP Intelbras IWR 3000N Denial Of Service S
HTTP Interspire Email Marketer 6.20 Remote Code Execution S
HTTP IPFire 'IDENT_ALLOW_USERS' Cross Site Scripting Vuln S
HTTP IPFire 'IDENT_DENY_USERS' Cross Site Scripting Vuln S
HTTP IPFire 'IDENT_ENABLE_ACL' Cross Site Scripting Vuln S
HTTP IPFire 'IDENT_HOSTS' Cross Site Scripting Vuln S
HTTP IPFire 'IDENT_REQUIRED' Cross Site Scripting Vuln S
HTTP IPFire 'IDENT_TIMEOUT' Cross Site Scripting Vuln S
HTTP IPFire 'IDENT_USER_ACL' Cross Site Scripting Vuln S
HTTP IPFire 'LDAP_PORT' Cross Site Scripting Vuln S
HTTP IPFire 'LDAP_TYPE' Cross Site Scripting Vuln S
HTTP IPFire 'NCSA_BYPASS_REDIR' Cross Site Scripting Vuln S
HTTP IPFire 'NCSA_MIN_PASS_LEN' Cross Site Scripting Vuln S
HTTP IPFire 'RADIUS_ENABLE_ACL' Cross Site Scripting Vuln S
HTTP IPFire 'RADIUS_PORT' Cross Site Scripting Vuln S
HTTP IPFire 'txt_mailsender' Cross Site Scripting Vuln S
HTTP JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery (From Server) S
HTTP JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery (To Server) S
HTTP Joomla ARI Quiz 'categoryId' SQL Injection Vuln S
HTTP Joomla JiFile 2.3.1 Arbitrary File Download S
HTTP Legrand BTicino Driver Manager F454 1.0.51 OpenWebNet Password Change CSRF (From Server) S
HTTP Legrand BTicino Driver Manager F454 1.0.51 OpenWebNet Password Change CSRF (To Server) S
HTTP Legrand BTicino Driver Manager F454 1.0.51 Web Access Password Change CSRF (From Server) S
HTTP Legrand BTicino Driver Manager F454 1.0.51 Web Access Password Change CSRF (To Server) S
HTTP ManageEngine Applications Manager 11.0 14.0 - SQL Injection S
HTTP ManageEngine Applications Manager 14.0 SQL Injection S
HTTP Meeplace Business Review Script - 'id' SQL Injection S
HTTP Moodle Jmol Filter 6.1 Cross Site Scripting S
HTTP Moodle Jmol Filter 6.1 Directory Traversal S
HTTP Moodle Jmol Filter 6.1 File Inclusion S
HTTP Msvod 10 Cross Site Request Forgery (From Server) S
HTTP Msvod 10 Cross Site Request Forgery (To Server) S
HTTP Netgear DGN2200 DGND3700 Admin Password Disclosure S
HTTP NetNumber Titan ENUMDNSNP 7.9.1 Bypass Traversal S
HTTP OOP CMS BLOG 'page.php' SQL Injection Vuln S
HTTP OOP CMS BLOG 'replayMsg.php' SQL Injection Vuln S
HTTP OOP CMS BLOG 'viewUser.php' SQL Injection Vuln S
HTTP OpenDocMan Document Management System 1.3.5 Database Disclosure S
HTTP OpenSkos Simple Knowledge Organization System 2.0 File Disclosure S
HTTP Oracle Business Intelligence Directory Traversal S
HTTP Oracle CTI Web Service XML Injection S
HTTP Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution S
HTTP Oracle Weblogic Server Deserialization Remote Code Execution S
HTTP pfSense HAProxy package 'haproxy_listeners_edit.php' Cross-Site Scripting Vuln S
HTTP ResourceSpace 'watched_searches.php' SQL Injection Vuln S
HTTP Revive Adserver Open Redirect S
HTTP RICOH SP 4510DN Printer HTML Injection S
HTTP RICOH SP 4520DN Printer HTML Injection S
HTTP RingsDB Software 1.0.0 'card-data.sql' Database Disclosure S
HTTP RingsDB Software 1.0.0 'packs-data.sql' Database Disclosure S
HTTP RingsDB Software 1.0.0 'scenario-data.sql' Database Disclosure S
HTTP RSA NetWitness Authorization Bypass S
HTTP Rukovoditel ERP And CRM 2.4.1 Cross Site Scripting S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'leftmenu.sws' Cross-Site Scripting Vuln S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'leftmenu.sws' Cross-Site Scripting Vuln_1 S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'leftmenu.sws' Cross-Site Scripting Vuln_2 S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'loginView.sws' XSS Vuln S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'loginView.sws' XSS Vuln_1 S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'networkinformationView.sws' XSS Vuln S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'swsAlert.sws' Cross-Site Scripting Vuln S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'swsAlert.sws' Cross-Site Scripting Vuln_1 S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'swsAlert.sws' Cross-Site Scripting Vuln_2 S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'swsAlert.sws' Cross-Site Scripting Vuln_3 S
HTTP SAMSUNG X7400GX Sync Thru Web Service 'swsAlert.sws' Cross-Site Scripting Vuln_4 S
HTTP Schneider Electric U.Motion Builder 1.3.4 Command Injection S
HTTP Sentrifugo Human Resource Management System 3.2 File Disclosure S
HTTP Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disc S
HTTP Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment S
HTTP Sierra Wireless AirLink ES450 ACEManager Information Exposure S
HTTP Smoothwall Express 'ANNOY' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'BATTDELAY' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'BATTLEVEL' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'COMMENT' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'COMMENT' Cross-Site Scripting Vuln_1 S
HTTP Smoothwall Express 'DEFAULT_LEASE_TIME' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'DOMAIN' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'DOMAIN_NAME' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'EMAIL' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'FROM' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'HOSTNAME' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'HOSTNAME' Cross-Site Scripting Vuln_1 S
HTTP Smoothwall Express 'IP' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'LOGIN' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'MAX_LEASE_TIME' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'NIS1' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'NIS2' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'NISPORT' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'NIS_DOMAIN' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'NTP2' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'NTP_SERVER' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'PASSWORD' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'POLLTIME' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'RTMIN' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'STATIC_DESC' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'STATIC_HOST' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'STATIC_IP' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'STATIC_MAC' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'TO' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'UPSAUTH' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'UPSIP' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'UPSNAME' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'UPSPORT' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'UPSUSER' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'WINS1' Cross-Site Scripting Vuln S
HTTP Smoothwall Express 'WINS2' Cross-Site Scripting Vuln S
HTTP SOCA Access Control System 180612 'cidx' Authentication bypass SQL injection S
HTTP SOCA Access Control System 180612 'ID' Authentication bypass SQL injection S
HTTP SOCA Access Control System 180612 'pos_id' Authentication bypass SQL injection S
HTTP SOCA Access Control System 180612 Information Disclosure S
HTTP SOCA Access Control System 180612 MD5 Login Authentication bypass S
HTTP SolarWinds DameWare Mini Remote Control 10.0 Denial Of Service S
HTTP Sony Smart TV 'default.prop' Information Disclosure S
HTTP Sony Smart TV File Read S
HTTP Spring Cloud Config 2.1.x Path Traversal S
HTTP Symphony Project sfDoctrinesfPropel 1.x Database Password Disclosure S
HTTP Typora 0.9.9.24.6 Directory Traversal S
HTTP Veeam ONE Reporter 9.5.0.3201 - Cross-Site Request Forgery (From Server) S
HTTP Veeam ONE Reporter 9.5.0.3201 - Cross-Site Request Forgery (To Server) S
HTTP VFront 'azzera' Cross-Site Scripting Vuln S
HTTP VFront 'descrizione_g' Cross-Site Scripting Vuln S
HTTP WordPress Contact Form Builder 1.0.67 CSRF LFI (From Server) S
HTTP WordPress Contact Form Builder 1.0.67 CSRF LFI (To Server) S
HTTP WordPress Diarise 1.5.9 Local File Disclosure S
HTTP Wordpress Social Warfare Remote Code Execution S
HTTP XAMPP 'cds-fpdf.php' Cross-Site Scripting Vuln S
HTTP XAMPP 'cds-fpdf.php' Cross-Site Scripting Vuln_1 S
HTTP XAMPP 'cds-fpdf.php' SQL Injection Vuln S
HTTP Xitami Web Server 2.5 Remote Buffer Overflow S
HTTP Zeeways Jobsite CMS 'id' SQL Injection Vuln S
HTTP Zeeways Matrimony CMS 'profile_list' SQL Injection Vuln S
HTTP Zeeways Matrimony CMS 'profile_list' SQL Injection Vuln_1 S
HTTP Zeeways Matrimony CMS 'profile_list' SQL Injection Vuln_2 S
HTTP Zikula Core CMS 2.0.13 Database Disclosure S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'addMailSettings.jsp' XSS Vuln S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'editProfile.jsp' XSS Vuln S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'groupConfiguration.jsp' XSS Vuln S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'groupConfiguration.jsp' XSS Vuln_1 S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'groupConfiguration.jsp' XSS Vuln_2 S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'groupConfiguration.jsp' XSS Vuln_3 S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'index.jsp' XSS Vuln S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'linkdownalertConfig.jsp' XSS Vuln S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'NetworkSnapShot.jsp' XSS Vuln S
HTTP Zoho ManageEngine Netflow Analyzer Professional 'NetworkSnapShot.jsp' XSS Vuln_1 S
HTTP Zoho ManageEngine ServiceDesk Plus Privilege Escalation S
HTTP Zotonic 0.46 mod_admin Cross Site Scripting S
Lotus Domino 8.5.3 EXAMINE Stack Buffer Overflow S
Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability CVE-2019-0708 S
SMTP MailCarrier 2.51 HELP Remote Buffer Overflow S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
