Traffic File Update - February 2020

This Traffic IQ Professional update for February 2020 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for February 2020

126 Application Exploits

HTTP Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC) S
HTTP AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution S
HTTP AMSS++ 'maildetail.php' SQL Injection Vuln S
HTTP AROX School ERP System 'Add Admin' CSRF Vuln (From Server) S
HTTP AROX School ERP System 'Add Admin' CSRF Vuln (To Server) S
HTTP AROX School ERP System 'Delete User' CSRF Vuln (From Server) S
HTTP AROX School ERP System 'Delete User' CSRF Vuln (To Server) S
HTTP Astak CM-818T3 Remote Configuration Disclosure S
HTTP Atlassian JIRA Server Code Execution S
HTTP ATutor 'id' SQL Injection Vuln S
HTTP AVideo Platform 'Password Recovery' CSRF Vuln (From Server) S
HTTP AVideo Platform 'Password Recovery' CSRF Vuln (To Server) S
HTTP AVideo Platform 'Password Reset' CSRF Vuln (From Server) S
HTTP AVideo Platform 'Password Reset' CSRF Vuln (To Server) S
HTTP BDTask Business Live Chat Software 'Add Admin' CSRF Vuln (From Server) S
HTTP BDTask Business Live Chat Software 'Add Admin' CSRF Vuln (To Server) S
HTTP Cacti 1.2.8 Unauthenticated Remote Code Execution S
HTTP CandidATS 'Add Admin' CSRF Vuln (From Server) S
HTTP CandidATS 'Add Admin' CSRF Vuln (To Server) S
HTTP Chiyu BF-430 232 485 TCP IP Converter devices Cross-Site Scripting Vuln S
HTTP Cisco Prime Collaboration Provisioning 12.1 - Remote Code Execution S
HTTP Codologic Codoforum 'output_txt' Cross-Site Scripting Vuln S
HTTP Comtrend VR-3033 Command Injection S
HTTP Dell EMC VMAX Virtual Appliance Manager Default Account S
HTTP DirectWeb 'szo' Cross-Site Scripting Vuln S
HTTP Easy2Pilot 'Add User' CSRF Vuln (From Server) S
HTTP Easy2Pilot 'Add User' CSRF Vuln (To Server) S
HTTP Ediser PackWeb Formap E-Learning 'NumCours' SQL Injection Vuln S
HTTP eLection 'id' SQL Injection Vuln S
HTTP FlexNet Publisher 'Add Admin' CSRF Vuln (From Server) S
HTTP FlexNet Publisher 'Add Admin' CSRF Vuln (To Server) S
HTTP Gamersage Lotus Core CMS Local File Inclusion Vuln S
HTTP Go Get Implementation Command Execution S
HTTP GUnet OpenEclass E-learning platform 'month' SQL Injection Vuln S
HTTP Heatmiser Netmonitor 'outputSetup.htm' HTML Injection Vuln S
HTTP IBM RICOH 6400 Printer 'logpathConf.html' HTML Injection Vuln S
HTTP ICE HRM 'Add User' CSRF Vuln (From Server) S
HTTP ICE HRM 'Add User' CSRF Vuln (To Server) S
HTTP ICE HRM 'Change Password' CSRF Vuln (From Server) S
HTTP ICE HRM 'Change Password' CSRF Vuln (To Server) S
HTTP ImageMagick = 6.9.3-9 = 7.0.1-0 - (CVE-2016-3714) S
HTTP Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063) S
HTTP Jira 8.3.4 Information Disclosure S
HTTP Jobberbase CMS 'jobs-in' SQL Injection Vuln S
HTTP LearnDash WordPress LMS Cross-Site Scripting Vuln S
HTTP Microsoft Edge - 'Array.join' Infomation Leak (MS16-119) S
HTTP Microsoft Edge - 'Array.map' Heap Overflow (MS16-119) S
HTTP Microsoft Edge - 'Array.reverse' Overflow S
HTTP Microsoft Edge - 'eval' Type Confusion S
HTTP Microsoft Edge - 'FillFromPrototypes' Type Confusion S
HTTP Microsoft Edge - CBase ScriptablePrivate Query Interface Memory Corruption (MS16-068) S
HTTP Microsoft Edge - Chakra Incorrectly Parses Object Patterns S
HTTP Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free S
HTTP Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItemGetAt' Out-of-Bounds Read S
HTTP Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter S
HTTP Microsoft Edge Chakra - 'chakra!JsGlobalObject' Integer overflow S
HTTP Microsoft Edge Chakra - 'JavascriptFunction ReparseAsmJsModule' Incorrectly Re-parses S
HTTP Microsoft Edge Chakra - 'JavascriptFunctionEntryCall' (CVE-2017-8671) S
HTTP Microsoft Edge Chakra - 'ParserParseCatch' does not Handle 'eval' DoS S
HTTP Microsoft Edge Chakra - 'PreVisitCatch' Missing Call S
HTTP Microsoft Edge Chakra - 'StackScriptFunction BoxState Box' (CVE-2017-11809) S
HTTP Microsoft Edge Chakra - Buffer Overflow S
HTTP Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (CVE-2017-8740) S
HTTP Microsoft Edge Chakra - Incorrect JIT Optimization with TypedArray Setter S
HTTP Microsoft Edge Chakra - Incorrect Usage of 'PushPopFrameHelper' DoS S
HTTP Microsoft Edge Chakra - Uninitialized Arguments (CVE-2017-8640) S
HTTP Microsoft Edge Chakra - Uninitialized Arguments (CVE-2017-8670) S
HTTP Microsoft Edge Chakra Incorrect Jit Optimization (CVE-2017-0071) S
HTTP Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'LdThis' Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion S
HTTP Microsoft Edge Chakra JIT - 'RegexHelper StringReplace' Must Call the Callback Function S
HTTP Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions S
HTTP Microsoft Edge Chakra JIT - Incorrect Function Declaration Scope S
HTTP Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns S
HTTP Microsoft Edge Chakra JIT - Stack-to-Heap Copy (CVE-2018-0934) S
HTTP Microsoft Edge Remote Code Execution (CVE-2018-8495) S
HTTP Microsoft Edge Scripting Engine Code Execution (CVE-2018-0770) S
HTTP Microsoft IE - MSHTML!CMultiReadStreamLifetimeManagerReleaseThreadStateInternal S
HTTP Microsoft Internet Explorer 11 - 'JsRegexHelperRegexReplace' Use-After-Free S
HTTP Microsoft Internet Explorer 11 Windows 7 - vbscript Code Execution S
HTTP Microsoft Internet Explorer Code Execution (CVE-2018-8373) S
HTTP Microsoft Internet Explorer CVE-2016-0189 Scripting Engine Remote Memory Corruption S
HTTP Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine S
HTTP Microsoft Windows - 'jscript!RegExpCompCompile' Heap Overflow S
HTTP Microsoft Windows .NET Framework - Remote Code Execution S
HTTP Microsoft Windows ActiveX Data Objects (ADO) Code Execution S
HTTP Microsoft Windows Defender - 'mpengine.dll' Memory Corruption S
HTTP Microsoft Windows Media Center - .MCL File Processing Remote Code Execution (MS16-059) S
HTTP Microsoft Windows MSHTML Engine - Edit Remote Code Execution S
HTTP Microsoft Windows Shell Code Execution (CVE-2018-8414) S
HTTP Online Job Portal 'Add User' CSRF Vuln (From Server) S
HTTP Online Job Portal 'Add User' CSRF Vuln (To Server) S
HTTP Pandora FMS 7.0 Authenticated Remote Code Execution S
HTTP PHP-Fusion CMS 'blog_image' Cross-Site Scripting Vuln S
HTTP PHP-Fusion CMS 'blog_image_t1' Cross-Site Scripting Vuln S
HTTP PHP-Fusion CMS 'blog_image_t2' Cross-Site Scripting Vuln S
HTTP PHP-Fusion CMS 'text' Cross-Site Scripting Vuln (From Server) S
HTTP PHP-Fusion CMS 'text' Cross-Site Scripting Vuln (To Server) S
HTTP PHPGurukul Online Birth Certificate System 'Name of Father' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Birth Certificate System 'Permanent Address' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Birth Certificate System 'Place of Birth' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Birth Certificate System 'Postal Address' Cross-Site Scripting Vuln S
HTTP phpMyChat Plus 'pmc_username' SQL Injection Vuln S
HTTP QuickDate '_located' SQL Injection Vuln S
HTTP RICOH Aficio SP 5200S Printer 'entryNameIn' HTML Injection Vuln S
HTTP RICOH Aficio SP 5200S Printer 'entryNameIn' HTML Injection Vuln_1 S
HTTP RICOH Aficio SP 5210SF Printer 'entryNameIn' HTML Injection Vuln S
HTTP RICOH Aficio SP 5210SF Printer 'entryNameIn' HTML Injection Vuln_1 S
HTTP SOPlanning 'Add User' CSRF Vuln (From Server) S
HTTP SOPlanning 'Add User' CSRF Vuln (To Server) S
HTTP SOPlanning 'by' SQL Injection Vuln S
HTTP SOPlanning 'Change Password' CSRF Vuln (From Server) S
HTTP SOPlanning 'Change Password' CSRF Vuln (To Server) S
HTTP SOPlanning 'users' SQL Injection Vuln S
HTTP Vanilla Forum 'branding' Cross-Site Scripting Vuln S
HTTP VBScript - VbsErase Reference Leak Use-After-Free S
HTTP VehicleWorkshop 'bookingid' SQL Injection Vuln S
HTTP WordPress Contact-Form 'page' Cross-Site Scripting Vuln S
HTTP Wordpress Plugin Tutor LMS 'Add User' CSRF Vuln (From Server) S
HTTP Wordpress Plugin Tutor LMS 'Add User' CSRF Vuln (To Server) S
HTTP WordPress Tutor 'topic_id' Cross-Site Scripting Vuln S
HTTP WordPress Tutor Local File Inclusion Vuln S
HTTP WordPress Ultimate-Member Local File Inclusion Vuln S
HTTP WordPress WP Fanzone 3.1 'divisionid' SQL Injection S
SMB MikroTik RouterOS 6.41.3 6.42rc27 - SMB Buffer Overflow S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.