Search

Traffic File Update - August 2019

This Traffic IQ Professional update for August 2019 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for August 2019

129 Application Exploits

FTP CoreFTP Server SIZE Directory Traversal S
HTTP Active PHP Bookmarks 'cookie_auth.php' SQL Injection Vuln S
HTTP Adive Framework 'Change User Password' CSRF Vuln (From Server) S
HTTP Adive Framework 'Change User Password' CSRF Vuln (To Server) S
HTTP Adobe Acrobat CoolType (AFDKO) Type 1 Font Memory Corruption S
HTTP Adobe Acrobat CoolType (AFDKO) Type 1 Font Uninitialized Memory Issue S
HTTP Adobe Acrobat Reader DC For Windows CoolType.dll Buffer Overflow S
HTTP Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization RCE S
HTTP Agent Tesla Botnet Arbitrary Code Execution S
HTTP Aptana Jaxer 1.0.3.4547 Local File Inclusion S
HTTP ARMBot Botnet Arbitrary Code Execution S
HTTP ATutor 2.2.4 Arbitrary File Upload Command Execution S
HTTP Axway SecureTransport 5 - Unauthenticated XML Injection S
HTTP Baldr Botnet Panel Shell Upload S
HTTP Belkin N600DB Wireless Router - 'adv_wifidef.cgi' Wifi Password Disclosure S
HTTP Belkin N600DB Wireless Router - FTP Server-Side Request Forgery S
HTTP Belkin N600DB Wireless Router - HTTP Server-Side Request Forgery S
HTTP Belkin N600DB Wireless Router - HTTPD Server Port Disclosure S
HTTP Cafe and Restaurant Website CMS 'slug' SQL Injection Vuln S
HTTP CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Request Forgery S
HTTP CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting S
HTTP CentOS Control Web Panel 'filemanager2.php' Cross-Site Scripting Vuln S
HTTP CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop S
HTTP CentOS Control Web Panel 0.9.8.836 Remote Command Execution S
HTTP CentOS Control Web Panel 0.9.8.840 User Enumeration S
HTTP Chrome blinkPresentationAvailabilityStateUpdateAvailability Heap Use-After-Free S
HTTP Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery (From Server) S
HTTP Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery (To Server) S
HTTP College Notes Management System 1.0 CSRF (From Server) S
HTTP College Notes Management System 1.0 CSRF (To Server) S
HTTP D-Link 6600-AP - 'action' XSS S
HTTP D-Link 6600-AP - Certificate Disclosure S
HTTP D-Link 6600-AP - Config Files Information Disclosure S
HTTP D-Link 6600-AP - Denial of Service S
HTTP D-Link DIR-600M Wireless N 150 Home Router Access Bypass S
HTTP Daily Expense Manager 'delete income data' CSRF Vuln (From Server) S
HTTP Daily Expense Manager 'delete income data' CSRF Vuln (To Server) S
HTTP DomainMod 'daterange' Cross-Site Scripting Vuln S
HTTP DWSurvey 'surveyName' Cross-Site Scripting Vuln S
HTTP Endian Firewall 'DISPLAY_GREEN_ADDRESS' Cross-Site Scripting Vuln S
HTTP EyesOfNetwork 5.1 - Authenticated Remote Command Execution S
HTTP FortiOS 5.6.7 6.0.4 Credential Disclosure S
HTTP GitStack 2.3.10 - Unauthenticated Remote Code Execution S
HTTP Hawtio 2.5.0 Server Side Request Forgery S
HTTP i-doit 1.12 - 'qr.php' Cross-Site Scripting S
HTTP Integria IMS 5.0.86 Arbitrary File Upload S
HTTP Joomla JomEstate 'tmpl' SQL Injection Vuln S
HTTP Joomla JS Support Ticket 1.1.5 Arbitrary File Download S
HTTP Joomla JS Support Ticket 1.1.6 Arbitrary File Deletion S
HTTP Joomla OrgChart 'cat' Cross-Site Scripting Vuln S
HTTP JoomSport plugin for WordPress 'sid' SQL Injection Vuln S
HTTP JS Jobs extension for Joomla! 'citydata' SQL Injection Vuln S
HTTP JS Support Ticket extension for Joomla! 'child' SQL Injection Vuln S
HTTP JS Support Ticket extension for Joomla! 'name' Directory Traversal Vuln S
HTTP KBPublisher 'entry_id' SQL Injection Vuln S
HTTP KBPublisher 'id' SQL Injection Vuln S
HTTP Kimai 'description' Cross-Site Scripting Vuln S
HTTP LibreOffice Macro Python Code Execution S
HTTP LSoft ListServ 'OK' Cross-Site Scripting Vuln S
HTTP MapProxy 'format' Cross-Site Scripting Vuln S
HTTP Master IP CAM 01 3.3.4.2103 - 'getwifiattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'getwifistatus.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'inetconfig.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'iptest.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'listwifiap.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'p2p.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'paraconf.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'scanwifi.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setadslattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setddnsattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setinetattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setwifiattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'upnp_start.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'wifimode.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'wifitest.cgi' Remote Command Execution S
HTTP Mitel 6869i Voip Deskphone 4.2.2032 Command Injection S
HTTP Moodle Filepicker 3.5.2 Server-Side Request Forgery S
HTTP Neo Billing 'content' CSRF Vuln (From Server) S
HTTP Neo Billing 'content' CSRF Vuln (To Server) S
HTTP Neo Billing 'Description' Cross-Site Scripting Vuln S
HTTP Neo Billing 'Subject' Cross-Site Scripting Vuln S
HTTP Neo Billing 'title' CSRF Vuln (From Server) S
HTTP Neo Billing 'title' CSRF Vuln (To Server) S
HTTP Open-School 'id' Cross-Site Scripting Vuln S
HTTP Open-School 'id' SQL Injection Vuln S
HTTP Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution S
HTTP OpenCMS 10.5.3 - Cross-Site Scripting S
HTTP openITCOCKPIT 3.6.1-2 Cross Site Request Forgery S
HTTP Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting S
HTTP PilusCart 'filename' Local File Disclosure Vuln S
HTTP Plexo Torresoft Alex Torres Software 'module' SQL Injection Vuln S
HTTP ProGradeLierda Grill Temperature 1.00_50006 Hardcoded Credentials S
HTTP Pulse Secure SSL VPN 8.1R15.1 8.2 8.3 9.0 Arbitrary File Disclosure S
HTTP SAPUI5 1.0.0 SAP Gateway 7.5 7.51 7.52 7.53 Content Spoofing S
HTTP Sar2HTML 3.2.1 - Remote Command Execution S
HTTP Schneider Electric Pelco Endura NET55XX Encoder S
HTTP SugarCRM Enterprise 'desktop_url' Cross-Site Scripting Vuln S
HTTP TortoiseSVN 1.12.1 Remote Code Execution S
HTTP Trustwave SWG 11.8.0.27 - SSH Unauthorized Access S
HTTP Ultimate Loan Manager 'notes' Cross-Site Scripting Vuln S
HTTP UserSpice 4.3 - Blind SQL Injection S
HTTP Web Wiz Forums 'PF' SQL Injection Vuln S
HTTP WebIncorp ERP 'prod_id' SQL Injection Vuln S
HTTP Webmin 1.890 expired Remote Root S
HTTP Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit) S
HTTP Webmin 1.920 Remote Command Execution S
HTTP Wikindx 'PagingStart' SQL Injection Vuln S
HTTP WordPress Add Mime Types 2.2.1 Cross Site Request Forgery (From Server) S
HTTP WordPress Add Mime Types 2.2.1 Cross Site Request Forgery (To Server) S
HTTP WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions S
HTTP WordPress Plugin WooCommerce Product Feed 'link' Cross-Site Scripting Vuln S
HTTP WordPress UserPro 'error_description' Cross-Site Scripting Vuln S
HTTP WordPress WP Fastest Cache 0.8.9.5 Directory Traversal S
HTTP YouPHPTube 'pass' SQL Injection Vuln S
HTTP YouPHPTube 'user' SQL Injection Vuln S
HTTP Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure S
HTTP Zoho Corporation ManageEngine ServiceDesk Plus User Enumeration S
HTTP Zomato Clone Script - Arbitrary File Upload S
HTTP Zurmo 'modalId' Cross-Site Scripting Vuln S
HTTP Zurmo 3.2.6 Iframe Injection S
HTTP Zurmo 3.2.6 Out Of Band Code Evaluation S
Malware DNS Request for domain associated with MedusaHTTP Malware (bbouble.xyz) S
Malware GET Request Associated with Rig Exploit Kit (5.23.55.246) S
Malware GET Request Associated with Rig Exploit Kit (hotelesmeflo.com) S
Malware GET Request Associated with Rig Exploit Kit (makemoneyeasy.live) S
Malware POST Request Associated with MedusaHTTP Malware (cdnshop78.world) S
Malware POST Request Associated with MedusaHTTP Malware (mtcunlocker.info) S
Malware POST Request Associated with Rig Exploit Kit (mixworld1.tk) S
UDP BACnet Stack 0.8.6 - Denial of Service S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.