Traffic IQ Professional
Traffic File Update for August 2019
129 Application Exploits
FTP CoreFTP Server SIZE Directory Traversal S
HTTP Active PHP Bookmarks 'cookie_auth.php' SQL Injection Vuln S
HTTP Adive Framework 'Change User Password' CSRF Vuln (From Server) S
HTTP Adive Framework 'Change User Password' CSRF Vuln (To Server) S
HTTP Adobe Acrobat CoolType (AFDKO) Type 1 Font Memory Corruption S
HTTP Adobe Acrobat CoolType (AFDKO) Type 1 Font Uninitialized Memory Issue S
HTTP Adobe Acrobat Reader DC For Windows CoolType.dll Buffer Overflow S
HTTP Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization RCE S
HTTP Agent Tesla Botnet Arbitrary Code Execution S
HTTP Aptana Jaxer 1.0.3.4547 Local File Inclusion S
HTTP ARMBot Botnet Arbitrary Code Execution S
HTTP ATutor 2.2.4 Arbitrary File Upload Command Execution S
HTTP Axway SecureTransport 5 - Unauthenticated XML Injection S
HTTP Baldr Botnet Panel Shell Upload S
HTTP Belkin N600DB Wireless Router - 'adv_wifidef.cgi' Wifi Password Disclosure S
HTTP Belkin N600DB Wireless Router - FTP Server-Side Request Forgery S
HTTP Belkin N600DB Wireless Router - HTTP Server-Side Request Forgery S
HTTP Belkin N600DB Wireless Router - HTTPD Server Port Disclosure S
HTTP Cafe and Restaurant Website CMS 'slug' SQL Injection Vuln S
HTTP CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Request Forgery S
HTTP CentOS 7.6.1810 Control Web Panel 0.9.8.837 Cross Site Scripting S
HTTP CentOS Control Web Panel 'filemanager2.php' Cross-Site Scripting Vuln S
HTTP CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop S
HTTP CentOS Control Web Panel 0.9.8.836 Remote Command Execution S
HTTP CentOS Control Web Panel 0.9.8.840 User Enumeration S
HTTP Chrome blinkPresentationAvailabilityStateUpdateAvailability Heap Use-After-Free S
HTTP Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery (From Server) S
HTTP Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery (To Server) S
HTTP College Notes Management System 1.0 CSRF (From Server) S
HTTP College Notes Management System 1.0 CSRF (To Server) S
HTTP D-Link 6600-AP - 'action' XSS S
HTTP D-Link 6600-AP - Certificate Disclosure S
HTTP D-Link 6600-AP - Config Files Information Disclosure S
HTTP D-Link 6600-AP - Denial of Service S
HTTP D-Link DIR-600M Wireless N 150 Home Router Access Bypass S
HTTP Daily Expense Manager 'delete income data' CSRF Vuln (From Server) S
HTTP Daily Expense Manager 'delete income data' CSRF Vuln (To Server) S
HTTP DomainMod 'daterange' Cross-Site Scripting Vuln S
HTTP DWSurvey 'surveyName' Cross-Site Scripting Vuln S
HTTP Endian Firewall 'DISPLAY_GREEN_ADDRESS' Cross-Site Scripting Vuln S
HTTP EyesOfNetwork 5.1 - Authenticated Remote Command Execution S
HTTP FortiOS 5.6.7 6.0.4 Credential Disclosure S
HTTP GitStack 2.3.10 - Unauthenticated Remote Code Execution S
HTTP Hawtio 2.5.0 Server Side Request Forgery S
HTTP i-doit 1.12 - 'qr.php' Cross-Site Scripting S
HTTP Integria IMS 5.0.86 Arbitrary File Upload S
HTTP Joomla JomEstate 'tmpl' SQL Injection Vuln S
HTTP Joomla JS Support Ticket 1.1.5 Arbitrary File Download S
HTTP Joomla JS Support Ticket 1.1.6 Arbitrary File Deletion S
HTTP Joomla OrgChart 'cat' Cross-Site Scripting Vuln S
HTTP JoomSport plugin for WordPress 'sid' SQL Injection Vuln S
HTTP JS Jobs extension for Joomla! 'citydata' SQL Injection Vuln S
HTTP JS Support Ticket extension for Joomla! 'child' SQL Injection Vuln S
HTTP JS Support Ticket extension for Joomla! 'name' Directory Traversal Vuln S
HTTP KBPublisher 'entry_id' SQL Injection Vuln S
HTTP KBPublisher 'id' SQL Injection Vuln S
HTTP Kimai 'description' Cross-Site Scripting Vuln S
HTTP LibreOffice Macro Python Code Execution S
HTTP LSoft ListServ 'OK' Cross-Site Scripting Vuln S
HTTP MapProxy 'format' Cross-Site Scripting Vuln S
HTTP Master IP CAM 01 3.3.4.2103 - 'getwifiattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'getwifistatus.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'inetconfig.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'iptest.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'listwifiap.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'p2p.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'paraconf.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'scanwifi.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setadslattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setddnsattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setinetattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'setwifiattr.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'upnp_start.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'wifimode.cgi' Remote Command Execution S
HTTP Master IP CAM 01 3.3.4.2103 - 'wifitest.cgi' Remote Command Execution S
HTTP Mitel 6869i Voip Deskphone 4.2.2032 Command Injection S
HTTP Moodle Filepicker 3.5.2 Server-Side Request Forgery S
HTTP Neo Billing 'content' CSRF Vuln (From Server) S
HTTP Neo Billing 'content' CSRF Vuln (To Server) S
HTTP Neo Billing 'Description' Cross-Site Scripting Vuln S
HTTP Neo Billing 'Subject' Cross-Site Scripting Vuln S
HTTP Neo Billing 'title' CSRF Vuln (From Server) S
HTTP Neo Billing 'title' CSRF Vuln (To Server) S
HTTP Open-School 'id' Cross-Site Scripting Vuln S
HTTP Open-School 'id' SQL Injection Vuln S
HTTP Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution S
HTTP OpenCMS 10.5.3 - Cross-Site Scripting S
HTTP openITCOCKPIT 3.6.1-2 Cross Site Request Forgery S
HTTP Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting S
HTTP PilusCart 'filename' Local File Disclosure Vuln S
HTTP Plexo Torresoft Alex Torres Software 'module' SQL Injection Vuln S
HTTP ProGradeLierda Grill Temperature 1.00_50006 Hardcoded Credentials S
HTTP Pulse Secure SSL VPN 8.1R15.1 8.2 8.3 9.0 Arbitrary File Disclosure S
HTTP SAPUI5 1.0.0 SAP Gateway 7.5 7.51 7.52 7.53 Content Spoofing S
HTTP Sar2HTML 3.2.1 - Remote Command Execution S
HTTP Schneider Electric Pelco Endura NET55XX Encoder S
HTTP SugarCRM Enterprise 'desktop_url' Cross-Site Scripting Vuln S
HTTP TortoiseSVN 1.12.1 Remote Code Execution S
HTTP Trustwave SWG 11.8.0.27 - SSH Unauthorized Access S
HTTP Ultimate Loan Manager 'notes' Cross-Site Scripting Vuln S
HTTP UserSpice 4.3 - Blind SQL Injection S
HTTP Web Wiz Forums 'PF' SQL Injection Vuln S
HTTP WebIncorp ERP 'prod_id' SQL Injection Vuln S
HTTP Webmin 1.890 expired Remote Root S
HTTP Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit) S
HTTP Webmin 1.920 Remote Command Execution S
HTTP Wikindx 'PagingStart' SQL Injection Vuln S
HTTP WordPress Add Mime Types 2.2.1 Cross Site Request Forgery (From Server) S
HTTP WordPress Add Mime Types 2.2.1 Cross Site Request Forgery (To Server) S
HTTP WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions S
HTTP WordPress Plugin WooCommerce Product Feed 'link' Cross-Site Scripting Vuln S
HTTP WordPress UserPro 'error_description' Cross-Site Scripting Vuln S
HTTP WordPress WP Fastest Cache 0.8.9.5 Directory Traversal S
HTTP YouPHPTube 'pass' SQL Injection Vuln S
HTTP YouPHPTube 'user' SQL Injection Vuln S
HTTP Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure S
HTTP Zoho Corporation ManageEngine ServiceDesk Plus User Enumeration S
HTTP Zomato Clone Script - Arbitrary File Upload S
HTTP Zurmo 'modalId' Cross-Site Scripting Vuln S
HTTP Zurmo 3.2.6 Iframe Injection S
HTTP Zurmo 3.2.6 Out Of Band Code Evaluation S
Malware DNS Request for domain associated with MedusaHTTP Malware (bbouble.xyz) S
Malware GET Request Associated with Rig Exploit Kit (5.23.55.246) S
Malware GET Request Associated with Rig Exploit Kit (hotelesmeflo.com) S
Malware GET Request Associated with Rig Exploit Kit (makemoneyeasy.live) S
Malware POST Request Associated with MedusaHTTP Malware (cdnshop78.world) S
Malware POST Request Associated with MedusaHTTP Malware (mtcunlocker.info) S
Malware POST Request Associated with Rig Exploit Kit (mixworld1.tk) S
UDP BACnet Stack 0.8.6 - Denial of Service S