Traffic IQ Professional
Traffic File Update for April 2020
154 Application Exploits
Amcrest Dahua NVR Camera IP2M-841 Denial Of Service S
HTTP 10-Strike Network Inventory Explorer 9.03 Buffer Overflow S
HTTP 10Strike LANState 9.32 Host Check hostname Buffer Overflow S
HTTP 13enforme CMS 'id' Cross-Site Scripting Vuln S
HTTP AIDA64 Engineer 6.20.5300 Buffer Overflow S
HTTP AirDisk Pro 5.5.3 'createFolder' Persistent Cross-Site Scripting Vuln (From Server) S
HTTP AirDisk Pro 5.5.3 'createFolder' Persistent Cross-Site Scripting Vuln (To Server) S
HTTP AirDisk Pro 5.5.3 'deleteFile' Persistent Cross-Site Scripting Vuln (From Server) S
HTTP AirDisk Pro 5.5.3 'deleteFile' Persistent Cross-Site Scripting Vuln (To Server) S
HTTP Artica Pandora FMS 'similar_ids' Cross-Site Scripting Vuln S
HTTP BlazeDVD 7.0.2 Buffer Overflow S
HTTP Bundeswehr Karriere 'interests' Cross-Site Scripting Vuln S
HTTP Bundeswehr Karriere 'careers' Cross-Site Scripting Vuln S
HTTP Bundeswehr Karriere 'termination' Cross-Site Scripting Vuln S
HTTP Car Rental System 2.6 'page' Cross-Site Scripting Vuln S
HTTP Centreon 19.10-3.el7 SQL Injection S
HTTP Centreon 19.10.5 'svc_id' SQL Injection Vuln S
HTTP Chrome AudioArrayAllocate Data Race Out-Of-Bounds Access S
HTTP Cisco IP Phone 11.7 Denial Of Service S
HTTP CSZ CMS 1.2.7 Cross Site Scripting S
HTTP CSZ CMS 1.2.7 HTML Injection Vuln S
HTTP DedeCMS 7.5 SP2 'activepath' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'activepath' Cross-Site Scripting Vuln_1 S
HTTP DedeCMS 7.5 SP2 'CKEditor' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'CKEditorFuncNum' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'filename' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'filename' Cross-Site Scripting Vuln_1 S
HTTP DedeCMS 7.5 SP2 'filename' Cross-Site Scripting Vuln_2 S
HTTP DedeCMS 7.5 SP2 'keyword' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'mid' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'tag' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'templet' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'userid' Cross-Site Scripting Vuln S
HTTP DrayTek Vigor2960 Vigor3900 Vigor300B Remote Command Execution S
HTTP ECK Hotel 1.0 'Add Admin User' CSRF Vuln (From Server) S
HTTP ECK Hotel 1.0 'Add Admin User' CSRF Vuln (To Server) S
HTTP Edimax EW-7438RPn 'Mac Filtering' CSRF Vuln (From Server) S
HTTP Edimax EW-7438RPn 'Mac Filtering' CSRF Vuln (To Server) S
HTTP Edimax Technology EW-7438RPn-v3 Mini 1.27 Information Disclosure S
HTTP Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution CSRF S
HTTP Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution S
HTTP Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery S
HTTP Fork CMS 5.8.0 'Add User' Cross-Site Scripting Vuln (From Server) S
HTTP Fork CMS 5.8.0 'Add User' Cross-Site Scripting Vuln (To Server) S
HTTP Fork CMS 5.8.0 'Edit User' Cross-Site Scripting Vuln (From Server) S
HTTP Fork CMS 5.8.0 'Edit User' Cross-Site Scripting Vuln (To Server) S
HTTP Fork CMS 5.8.0 'User Registration Form' Cross-Site Scripting Vuln (From Server) S
HTTP Fork CMS 5.8.0 'User Registration Form' Cross-Site Scripting Vuln (To Server) S
HTTP Fork CMS 5.8.0 'var' Cross-Site Scripting Vuln S
HTTP FreeCommander XE 2020 Pathname Buffer Overflow S
HTTP Horde 5.2.22 CSV Import Code Execution S
HTTP IBM Data Risk Manager - Authentication Bypass S
HTTP IBM Data Risk Manager - Command Injection S
HTTP IBM Data Risk Manager - File Download S
HTTP IBM Data Risk Manager - File Upload S
HTTP IBM Data Risk Manager - User Enumeration S
HTTP IQrouter 3.3.1 - 'find_ip_address_conflict' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'p1' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'p2' Remote Code Execution S
HTTP IQrouter 3.3.1 - 's1' Remote Code Execution S
HTTP IQrouter 3.3.1 - 's2' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'save_isp' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'set_security_question' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'set_wan_modem_interfaces' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'vlan_tag' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'wifi_conflict' Remote Code Execution S
HTTP Jinfornet Jreport 15.6 'SendFileServlet' Directory Traversal Vuln S
HTTP jizhi CMS 1.6.7 - 'file-upzip' Arbitrary File Download S
HTTP jizhi CMS 1.6.7 - 'start-download' Arbitrary File Download S
HTTP Joomla Fabrik 3.9.11 Directory Traversal S
HTTP K&N Concepts Club CMS 1.1 1.2 'id' SQL Injection Vuln S
HTTP LayerBB 1.1.3 'Manage Category' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Manage Category' Cross Site Request Forgery (To Server) S
HTTP LayerBB 1.1.3 'Manage Node' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Manage Node' Cross Site Request Forgery (To Server) S
HTTP LayerBB 1.1.3 'Mass Mail' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Mass Mail' Cross Site Request Forgery (To Server) S
HTTP LayerBB 1.1.3 'Navbar' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Navbar' Cross Site Request Forgery (To Server) S
HTTP Liferay Portal Java Unmarshalling Remote Code Execution S
HTTP LimeSurvey 4.1.11 'File Manager' Directory Traversal Vuln S
HTTP LimeSurvey 4.1.11 'Survey Groups' Cross-Site Scripting Vuln S
HTTP Macs Framework 1.14f 'emailAddress' Cross-Site Scripting Vuln S
HTTP Macs Framework 1.14f 'roleId' SQL Injection Vuln S
HTTP Macs Framework 1.14f 'roleId' SQL Injection Vuln_1 S
HTTP Macs Framework 1.14f 'searchString' Cross-Site Scripting Vuln S
HTTP Macs Framework 1.14f 'userId' SQL Injection Vuln S
HTTP Macs Framework 1.14f 'userId' SQL Injection Vuln_1 S
HTTP Metasploit Libnotify Arbitrary Command Execution S
HTTP MicroStrategy Intelligence Server And Web 10.4 - File Upload S
HTTP MicroStrategy Intelligence Server And Web 10.4 Information Disclosure S
HTTP multiOTP 5.0.4.4 Remote Code Execution S
HTTP NagiosXI 5.6 Remote Command Execution S
HTTP NagiosXI 5.6.11 address Remote Code Execution S
HTTP NagiosXI 5.6.11 orderby SQL Injection S
HTTP Nexus Repository Manager 3.21.1-01 Remote Code Execution S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Add Admin User' CSRF Vuln (From Server) S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Add Admin User' CSRF Vuln (To Server) S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Modify Labels' CSRF Vuln (From Server) S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Modify Labels' CSRF Vuln (To Server) S
HTTP pfSense 2.4.4-P3 'User Manager' Cross-Site Scripting Vuln S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln (From Server) S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln (To Server) S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln_1 (From Server) S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln_1 (To Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln (From Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln (To Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln_1 (From Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln_1 (To Server) S
HTTP Pinger 1.0 Remote Code Execution S
HTTP Playable 9.18 'filename' Arbitrary File Upload Vuln (From Server) S
HTTP Playable 9.18 'filename' Arbitrary File Upload Vuln (To Server) S
HTTP Playable 9.18 'filename' Cross-Site Scripting Vuln (From Server) S
HTTP Playable 9.18 'filename' Cross-Site Scripting Vuln (To Server) S
HTTP PMB 5.6 'logid' SQL Injection Vuln S
HTTP Prestashop 1.7.6.4 - CSRF S
HTTP Progress MOVEit Transfer version 11.1.1 'token' SQL Injection Vuln S
HTTP QRadar Community Edition 7.3.1.6 - 'DistribConfigHelper' Arbitrary Object Instantiation S
HTTP QRadar Community Edition 7.3.1.6 - 'SplFileObject' Arbitrary Object Instantiation S
HTTP QRadar Community Edition 7.3.1.6 CSRF Weak Access Control S
HTTP Seabreeze Consulting 'name' Cross-Site Scripting Vuln S
HTTP SeedDMS 5.1.18 'comment' Cross-Site Scripting Vuln S
HTTP SeedDMS 5.1.18 'name' Cross-Site Scripting Vuln S
HTTP SialWeb CMS eCommerce 1.0 1.1 'id' Cross-Site Scripting Vuln (To Server) S
HTTP SialWeb CMS eCommerce 1.0 1.1 Cross-Site Scripting Vuln (From Server) S
HTTP SuperBackup 2.0.5 'newPath' Persistent Cross-Site Scripting Vuln S
HTTP SuperBackup 2.0.5 'oldPath' Persistent Cross-Site Scripting Vuln S
HTTP Symantec Web Gateway 5.0.2.8 - 'file' Cross Site Scripting S
HTTP Symantec Web Gateway 5.0.2.8 Remote Code Execution S
HTTP Symantec Web Gateway 5.0.2.8 Remote Command Execution S
HTTP Sysaid 20.1.11 b26 'UploadIcon.jsp' Remote Command Execution S
HTTP ThinkPHP 5.0.23 Remote Code Execution S
HTTP Unraid 6.8.0 Authentication Bypass Arbitrary Code Execution (CVE-2020-5847) S
HTTP Unraid 6.8.0 Authentication Bypass Arbitrary Code Execution (CVE-2020-5849) S
HTTP webERP 4.15 - 'ImportBankTransaction' Blind SQL Injection S
HTTP Webtareas 2.0 Arbitrary File Read S
HTTP WordPress Event-Registration 5.43 Arbitrary File Upload Vuln S
HTTP WordPress Event-Registration 5.43 Arbitrary File Upload Vuln_1 S
HTTP WordPress Media Library Assistant 2.81 Local File Inclusion S
HTTP WSO2 API Manager Carbon Interface 3.0.0 'comment' Cross Site Scripting Vuln S
HTTP WSO2 API Manager Carbon Interface 3.0.0 'path' Cross Site Scripting Vuln S
HTTP WSO2 API Manager Carbon Interface 3.0.0 Arbitrary File Deletion S
HTTP Xeroneit Library Management System 3.0 'category_name' SQL Injection Vuln S
HTTP Zen Load Balancer 3.10.1 'index.cgi' Directory Traversal Vuln S
HTTP Zen Load Balancer 3.10.1 Remote Code Execution S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - 'cid2' Cross-Site Scripting S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - 'cpe_ids' Remote Code Execution S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - 'script_name' Cross-Site Scripting S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - Arbitrary Admin Access S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - Unauthorised Key Access S
Oracle Coherence Fusion Middleware Remote Code Execution S
UDP TP-Link Archer A7 File System Privilege Escalation S
UDP TP-Link Archer A7 tdpServer Command Injection Remote Code Execution S
UDP TP-Link Archer A7 tdpServer Cryptographic Key Remote Code Execution S