
Traffic File Update - April 2020

This Traffic IQ Professional update for April 2020 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for April 2020

154 Application Exploits

Amcrest Dahua NVR Camera IP2M-841 Denial Of Service S
HTTP 10-Strike Network Inventory Explorer 9.03 Buffer Overflow S
HTTP 10Strike LANState 9.32 Host Check hostname Buffer Overflow S
HTTP 13enforme CMS 'id' Cross-Site Scripting Vuln S
HTTP AIDA64 Engineer 6.20.5300 Buffer Overflow S
HTTP AirDisk Pro 5.5.3 'createFolder' Persistent Cross-Site Scripting Vuln (From Server) S
HTTP AirDisk Pro 5.5.3 'createFolder' Persistent Cross-Site Scripting Vuln (To Server) S
HTTP AirDisk Pro 5.5.3 'deleteFile' Persistent Cross-Site Scripting Vuln (From Server) S
HTTP AirDisk Pro 5.5.3 'deleteFile' Persistent Cross-Site Scripting Vuln (To Server) S
HTTP Artica Pandora FMS 'similar_ids' Cross-Site Scripting Vuln S
HTTP BlazeDVD 7.0.2 Buffer Overflow S
HTTP Bundeswehr Karriere 'interests' Cross-Site Scripting Vuln S
HTTP Bundeswehr Karriere 'careers' Cross-Site Scripting Vuln S
HTTP Bundeswehr Karriere 'termination' Cross-Site Scripting Vuln S
HTTP Car Rental System 2.6 'page' Cross-Site Scripting Vuln S
HTTP Centreon 19.10-3.el7 SQL Injection S
HTTP Centreon 19.10.5 'svc_id' SQL Injection Vuln S
HTTP Chrome AudioArrayAllocate Data Race Out-Of-Bounds Access S
HTTP Cisco IP Phone 11.7 Denial Of Service S
HTTP CSZ CMS 1.2.7 Cross Site Scripting S
HTTP CSZ CMS 1.2.7 HTML Injection Vuln S
HTTP DedeCMS 7.5 SP2 'activepath' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'activepath' Cross-Site Scripting Vuln_1 S
HTTP DedeCMS 7.5 SP2 'CKEditor' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'CKEditorFuncNum' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'filename' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'filename' Cross-Site Scripting Vuln_1 S
HTTP DedeCMS 7.5 SP2 'filename' Cross-Site Scripting Vuln_2 S
HTTP DedeCMS 7.5 SP2 'keyword' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'mid' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'tag' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'templet' Cross-Site Scripting Vuln S
HTTP DedeCMS 7.5 SP2 'userid' Cross-Site Scripting Vuln S
HTTP DrayTek Vigor2960 Vigor3900 Vigor300B Remote Command Execution S
HTTP ECK Hotel 1.0 'Add Admin User' CSRF Vuln (From Server) S
HTTP ECK Hotel 1.0 'Add Admin User' CSRF Vuln (To Server) S
HTTP Edimax EW-7438RPn 'Mac Filtering' CSRF Vuln (From Server) S
HTTP Edimax EW-7438RPn 'Mac Filtering' CSRF Vuln (To Server) S
HTTP Edimax Technology EW-7438RPn-v3 Mini 1.27 Information Disclosure S
HTTP Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution CSRF S
HTTP Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution S
HTTP Enhanced Multimedia Router 3.0.4.27 Cross Site Request Forgery S
HTTP Fork CMS 5.8.0 'Add User' Cross-Site Scripting Vuln (From Server) S
HTTP Fork CMS 5.8.0 'Add User' Cross-Site Scripting Vuln (To Server) S
HTTP Fork CMS 5.8.0 'Edit User' Cross-Site Scripting Vuln (From Server) S
HTTP Fork CMS 5.8.0 'Edit User' Cross-Site Scripting Vuln (To Server) S
HTTP Fork CMS 5.8.0 'User Registration Form' Cross-Site Scripting Vuln (From Server) S
HTTP Fork CMS 5.8.0 'User Registration Form' Cross-Site Scripting Vuln (To Server) S
HTTP Fork CMS 5.8.0 'var' Cross-Site Scripting Vuln S
HTTP FreeCommander XE 2020 Pathname Buffer Overflow S
HTTP Horde 5.2.22 CSV Import Code Execution S
HTTP IBM Data Risk Manager - Authentication Bypass S
HTTP IBM Data Risk Manager - Command Injection S
HTTP IBM Data Risk Manager - File Download S
HTTP IBM Data Risk Manager - File Upload S
HTTP IBM Data Risk Manager - User Enumeration S
HTTP IQrouter 3.3.1 - 'find_ip_address_conflict' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'p1' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'p2' Remote Code Execution S
HTTP IQrouter 3.3.1 - 's1' Remote Code Execution S
HTTP IQrouter 3.3.1 - 's2' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'save_isp' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'set_security_question' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'set_wan_modem_interfaces' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'vlan_tag' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'wifi_conflict' Remote Code Execution S
HTTP Jinfornet Jreport 15.6 'SendFileServlet' Directory Traversal Vuln S
HTTP jizhi CMS 1.6.7 - 'file-upzip' Arbitrary File Download S
HTTP jizhi CMS 1.6.7 - 'start-download' Arbitrary File Download S
HTTP Joomla Fabrik 3.9.11 Directory Traversal S
HTTP K&N Concepts Club CMS 1.1 1.2 'id' SQL Injection Vuln S
HTTP LayerBB 1.1.3 'Manage Category' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Manage Category' Cross Site Request Forgery (To Server) S
HTTP LayerBB 1.1.3 'Manage Node' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Manage Node' Cross Site Request Forgery (To Server) S
HTTP LayerBB 1.1.3 'Mass Mail' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Mass Mail' Cross Site Request Forgery (To Server) S
HTTP LayerBB 1.1.3 'Navbar' Cross Site Request Forgery (From Server) S
HTTP LayerBB 1.1.3 'Navbar' Cross Site Request Forgery (To Server) S
HTTP Liferay Portal Java Unmarshalling Remote Code Execution S
HTTP LimeSurvey 4.1.11 'File Manager' Directory Traversal Vuln S
HTTP LimeSurvey 4.1.11 'Survey Groups' Cross-Site Scripting Vuln S
HTTP Macs Framework 1.14f 'emailAddress' Cross-Site Scripting Vuln S
HTTP Macs Framework 1.14f 'roleId' SQL Injection Vuln S
HTTP Macs Framework 1.14f 'roleId' SQL Injection Vuln_1 S
HTTP Macs Framework 1.14f 'searchString' Cross-Site Scripting Vuln S
HTTP Macs Framework 1.14f 'userId' SQL Injection Vuln S
HTTP Macs Framework 1.14f 'userId' SQL Injection Vuln_1 S
HTTP Metasploit Libnotify Arbitrary Command Execution S
HTTP MicroStrategy Intelligence Server And Web 10.4 - File Upload S
HTTP MicroStrategy Intelligence Server And Web 10.4 Information Disclosure S
HTTP multiOTP 5.0.4.4 Remote Code Execution S
HTTP NagiosXI 5.6 Remote Command Execution S
HTTP NagiosXI 5.6.11 address Remote Code Execution S
HTTP NagiosXL 5.6.11 orderby SQL Injection S
HTTP Nexus Repository Manager 3.21.1-01 Remote Code Execution S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Add Admin User' CSRF Vuln (From Server) S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Add Admin User' CSRF Vuln (To Server) S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Modify Labels' CSRF Vuln (From Server) S
HTTP P5 FNIP-8x16AFNIP-4xSH 'Modify Labels' CSRF Vuln (To Server) S
HTTP pfSense 2.4.4-P3 'User Manager' Cross-Site Scripting Vuln S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln (From Server) S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln (To Server) S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln_1 (From Server) S
HTTP PHPGurukul User Registration 2.0 'Manage Users' XSS Vuln_1 (To Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln (From Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln (To Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln_1 (From Server) S
HTTP PHPGurukul User Registration 2.0 'Update Profile' XSS Vuln_1 (To Server) S
HTTP Pinger 1.0 Remote Code Execution S
HTTP Playable 9.18 'filename' Arbitrary File Upload Vuln (From Server) S
HTTP Playable 9.18 'filename' Arbitrary File Upload Vuln (To Server) S
HTTP Playable 9.18 'filename' Cross-Site Scripting Vuln (From Server) S
HTTP Playable 9.18 'filename' Cross-Site Scripting Vuln (To Server) S
HTTP PMB 5.6 'logid' SQL Injection Vuln S
HTTP Prestashop 1.7.6.4 - CSRF S
HTTP Progress MOVEit Transfer version 11.1.1 'token' SQL Injection Vuln S
HTTP QRadar Community Edition 7.3.1.6 - 'DistribConfigHelper' Arbitrary Object Instantiation S
HTTP QRadar Community Edition 7.3.1.6 - 'SplFileObject' Arbitrary Object Instantiation S
HTTP QRadar Community Edition 7.3.1.6 CSRF Weak Access Control S
HTTP Seabreeze Consulting 'name' Cross-Site Scripting Vuln S
HTTP SeedDMS 5.1.18 'comment' Cross-Site Scripting Vuln S
HTTP SeedDMS 5.1.18 'name' Cross-Site Scripting Vuln S
HTTP SialWeb CMS eCommerce 1.0 1.1 'id' Cross-Site Scripting Vuln (To Server) S
HTTP SialWeb CMS eCommerce 1.0 1.1 Cross-Site Scripting Vuln (From Server) S
HTTP SuperBackup 2.0.5 'newPath' Persistent Cross-Site Scripting Vuln S
HTTP SuperBackup 2.0.5 'oldPath' Persistent Cross-Site Scripting Vuln S
HTTP Symantec Web Gateway 5.0.2.8 - 'file' Cross Site Scripting S
HTTP Symantec Web Gateway 5.0.2.8 Remote Code Execution S
HTTP Symantec Web Gateway 5.0.2.8 Remote Command Execution S
HTTP Sysaid 20.1.11 b26 'UploadIcon.jsp' Remote Command Execution S
HTTP ThinkPHP 5.0.23 Remote Code Execution S
HTTP Unraid 6.8.0 Authentication Bypass Arbitrary Code Execution (CVE-2020-5847) S
HTTP Unraid 6.8.0 Authentication Bypass Arbitrary Code Execution (CVE-2020-5849) S
HTTP webERP 4.15 - 'ImportBankTransaction' Blind SQL Injection S
HTTP Webtareas 2.0 Arbitrary File Read S
HTTP WordPress Event-Registration 5.43 Arbitrary File Upload Vuln S
HTTP WordPress Event-Registration 5.43 Arbitrary File Upload Vuln_1 S
HTTP WordPress Media Library Assistant 2.81 Local File Inclusion S
HTTP WSO2 API Manager Carbon Interface 3.0.0 'comment' Cross Site Scripting Vuln S
HTTP WSO2 API Manager Carbon Interface 3.0.0 'path' Cross Site Scripting Vuln S
HTTP WSO2 API Manager Carbon Interface 3.0.0 Arbitrary File Deletion S
HTTP Xeroneit Library Management System 3.0 'category_name' SQL Injection Vuln S
HTTP Zen Load Balancer 3.10.1 'index.cgi' Directory Traversal Vuln S
HTTP Zen Load Balancer 3.10.1 Remote Code Execution S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - 'cid2' Cross-Site Scripting S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - 'cpe_ids' Remote Code Execution S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - 'script_name' Cross-Site Scripting S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - Arbitrary Admin Access S
HTTP Zyxel CNM SecuManager 3.1.0 3.1.1 - Unauthorised Key Access S
Oracle Coherence Fusion Middleware Remote Code Execution S
UDP TP-Link Archer A7 File System Privilege Escalation S
UDP TP-Link Archer A7 tdpServer Command Injection Remote Code Execution S
UDP TP-Link Archer A7 tdpServer Cryptographic Key Remote Code Execution S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
