Traffic File Update - June 2020

This Traffic IQ Professional update for June 2020 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

165 Application Exploits

HTTP Agent Tesla Panel Remote Code Execution S
HTTP AirControl 1.4.2 Remote Code Execution S
HTTP Apache Tomcat CVE-2020-9484 Proof Of Concept S
HTTP Avaya IP Office 11 Insecure Transit Password Disclosure S
HTTP Bludit 3.9.12 Directory Traversal S
HTTP Bolt CMS 3.7.0 Authenticated Remote Code Execution S
HTTP Cayin CMS NTP Server 11.0 Remote Code Execution S
HTTP Cayin Content Management Server 11.0 Root Remote Command Injection S
HTTP Cayin Digital Signage System xPost 2.5 Code Execution SQL Injection S
HTTP Cayin Signage Media Player 3.0 Root Remote Command Injection S
HTTP Cisco UCS Director downloadFile Directory Traversal Information Disclosure S
HTTP Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass S
HTTP Clinic Management System 1.0 Remote Code Execution Vuln (From Server) S
HTTP Clinic Management System 1.0 Remote Code Execution Vuln (To Server) S
HTTP College Management System PHP 1.0 'pwdtxt' SQL Injection Vuln S
HTTP College Management System PHP 1.0 'unametxt' SQL Injection Vuln S
HTTP Crystal Shard http-protection 0.2.0 IP Spoofing Bypass S
HTTP CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) S
HTTP Documalis Free PDF Editor Buffer Overflow S
HTTP Documalis Free PDF Scanner Buffer Overflow S
HTTP Dolibarr 11.0.3 'Host' Cross-Site Scripting Vuln S
HTTP Dolibarr 11.0.3 'Port' Cross-Site Scripting Vuln S
HTTP Dolibarr 11.0.3 'Slave' Cross-Site Scripting Vuln S
HTTP Enhancesoft OSTicket 1.14.1 'Queue-Name' Cross-Site Scripting Vuln S
HTTP Enhancesoft OSTicket 1.14.1 'Queue-Name' Cross-Site Scripting Vuln_1 S
HTTP EyouCMS 1.4.6 'Index.php' Cross-Site Scripting Vuln S
HTTP FileRun 2019.05.21 'filename' Cross-Site Scripting Vuln (From Server) S
HTTP FileRun 2019.05.21 'filename' Cross-Site Scripting Vuln (To Server) S
HTTP Gila CMS 1.1.18.1 SQL Injection Shell Upload S
HTTP GilaCMS 1.11.5 'id' Cross-Site Scripting Vuln S
HTTP GilaCMS 1.11.5 'option[about-text]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[about-text]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[about-title]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[about-title]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-email]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-email]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-phone]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-phone]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-text]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-text]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-title]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-title]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[header-text]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[header-text]' Cross Site Request Forgery (To Server) S
HTTP HFS Http File Server 2.3m Build 300 Buffer Overflow S
HTTP Inductive Automation Ignition Remote Code Execution S
HTTP Joomla J2 Store 3.3.11 'filter_order' SQL Injection Vuln S
HTTP Joomla J2 Store 3.3.11 'filter_order_Dir' SQL Injection Vuln S
HTTP Kronos WebTA 4.0 Information Disclosure S
HTTP Kronos WebTA 4.0 Privilege Escalation S
HTTP KuiCMS PHP EE 2.0 'Content' Cross-Site Scripting Vuln S
HTTP LimeSurvey 4.1.11 Permission Roles Cross-Site Scripting Vuln S
HTTP LimeSurvey 4.1.11 Permission Roles Cross-Site Scripting Vuln_1 S
HTTP LinuxKI Toolset 6.01 Remote Command Execution (MSF) S
HTTP Mereo 1.9.4 - 'GET' Denial Of Service S
HTTP Mereo 1.9.4 - 'HEAD' Denial Of Service S
HTTP Mikrotik Router Monitoring System 1.2.3 'Community' SQL Injection Vuln S
HTTP MJML 4.6.2 Path Traversal S
HTTP Monstra CMS 3.0.4 Authenticated Arbitrary File Upload Vuln (From Server) S
HTTP Monstra CMS 3.0.4 Authenticated Arbitrary File Upload Vuln (To Server) S
HTTP Navigate CMS 2.8.7 Cross Site Request Forgery (From Server) S
HTTP Navigate CMS 2.8.7 Cross Site Request Forgery (To Server) S
HTTP Navigate CMS 2.8.7 SQL Injection S
HTTP Neon LMS Shell Upload S
HTTP Neon LMS v4.6 MessagesController.php Cross-Site Scripting Vuln S
HTTP NeonLMS Learning Management System 'file' Directory Traversal Vuln S
HTTP NETGEAR R6700v3 Password Reset Remote Code Execution S
HTTP Netgear R7000 Router Remote Code Execution (From Server) S
HTTP Netgear R7000 Router Remote Code Execution (To Server) S
HTTP NOKIA VitalSuite SPM 2020 'UserName' SQL Injection Vuln (From Server) S
HTTP NOKIA VitalSuite SPM 2020 'UserName' SQL Injection Vuln (To Server) S
HTTP NukeViet VMS 4.4.00 'Add New User' CSRF Vuln (From Server) S
HTTP NukeViet VMS 4.4.00 'Add New User' CSRF Vuln (To Server) S
HTTP NukeViet VMS 4.4.00 'Change Admin Password' CSRF Vuln (From Server) S
HTTP NukeViet VMS 4.4.00 'Change Admin Password' CSRF Vuln (To Server) S
HTTP NukeViet VMS 4.4.00 'Deleting Log files' CSRF Vuln (From Server) S
HTTP NukeViet VMS 4.4.00 'Deleting Log files' CSRF Vuln (To Server) S
HTTP Odoo 12.0 - 'base' Local File Inclusion S
HTTP Odoo 12.0 - 'base_import' Local File Inclusion S
HTTP Odoo 12.0 - 'web' Local File Inclusion S
HTTP Online Chatting System 1.0 'id' SQL Injection Vuln S
HTTP Online Examination System 1.0 'eid' SQL Injection Vuln S
HTTP Online Marriage Registration System 1.0 Remote Code Execution S
HTTP Online Student Enrollment System 1.0 Arbitrary File Upload S
HTTP Online Student Enrollment System 1.0 Shell Upload S
HTTP Online-Exam-System 2015 'fid' SQL Injection Vuln S
HTTP Online-Exam-System 2015 SQL Injection S
HTTP OpenEMR 5.0.1 Remote Code Execution S
HTTP openSIS 7.4 'api_key' SQL Injection Vuln S
HTTP openSIS 7.4 'api_secret' SQL Injection Vuln S
HTTP openSIS 7.4 'api_secret' SQL Injection Vuln_1 S
HTTP openSIS 7.4 'course_id' SQL Injection Vuln S
HTTP openSIS 7.4 'event_id' SQL Injection Vuln S
HTTP openSIS 7.4 'student' SQL Injection Vuln S
HTTP Oriol Espinal CMS 1.0 'id' SQL Injection Vuln S
HTTP OXID eShop 6.3.4 'Sorting' SQL Injection Vuln S
HTTP PanaceaSoft Shell Upload S
HTTP Persian VIP Download Script 1.0 - 'active' SQL Injection S
HTTP PHP-Fusion 9.03.50 'ctype' SQL Injection Vuln S
HTTP PHP-Fusion 9.03.60 PHP Object Injection SQL Injection S
HTTP PHPGurukul Beauty Parlour Management System 1.0 'password' SQL Injection Vuln S
HTTP PHPGurukul Beauty Parlour Management System 1.0 'username' SQL Injection Vuln S
HTTP PHPGurukul Online Marriage Registration System 'haddress' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'hreligion' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'hstate' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'nofhusband' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'nofwife' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddress' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddressfirst' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddresssec' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddressthird' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'witnessnamef' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'witnessnames' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'witnessnamet' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'wreligion' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'wstate' Cross-Site Scripting Vuln S
HTTP Pi-Hole 4.3.2 DHCP MAC OS Command Execution S
HTTP Pydio Cells 2.0.4 - Account Security Bypass (CVE-2020-12848) S
HTTP Pydio Cells 2.0.4 - Arbritrary File Read (CVE-2020-12851) S
HTTP Pydio Cells 2.0.4 - Arbritrary File Write (CVE-2020-12851) S
HTTP Pydio Cells 2.0.4 - File Uploads XSS (CVE-2020-12853) S
HTTP Pydio Cells 2.0.4 - Mailer Remote Code Execution (CVE-2020-12847) S
HTTP Pydio Cells 2.0.4 - Profile Pictures XSS (CVE-2020-12849) S
HTTP qdPM 9.1 'cfg[app_app_name]' Cross-Site Scripting Vuln (From Server) S
HTTP qdPM 9.1 'cfg[app_app_name]' Cross-Site Scripting Vuln (To Server) S
HTTP QNAP QTS And Photo Station 6.0.3 Remote Command Execution S
HTTP QuickBox Pro 2.1.8 Remote Code Execution S
HTTP Secure Computing SnapGear Management Console 'Add Super User' CSRF Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console 'Add Super User' CSRF Vuln (To Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Delete Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Delete Vuln (To Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Read Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Read Vuln (To Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Write Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Write Vuln (To Server) S
HTTP Student Enrollment 1.0 Remote Code Execution S
HTTP Sysax MultiServer 6.90 'sid' Cross-Site Scripting Vuln S
HTTP TP-LINK Cloud Cameras NCXXX Stack Overflow S
HTTP Trend Micro InterScan Web Security Virtual Appliance Apache Solr Authentication Bypass S
HTTP Trend Micro InterScan Web Security Virtual Appliance Apache Solr Directory Traversal S
HTTP Trend Micro InterScan Web Security Virtual Appliance Command Injection RCE S
HTTP Victor CMS 1.0 'register.php' Cross-Site Scripting Vuln S
HTTP Victor CMS 1.0 'register.php' Cross-Site Scripting Vuln_1 S
HTTP Victor CMS 1.0 Shell Upload Vuln (From Server) S
HTTP Victor CMS 1.0 Shell Upload Vuln (To Server) S
HTTP Virtual Airlines Manager 2.6.2 'airport' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'event_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'hub_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'notam_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'pilot_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'plane_location' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'registry_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'tour_id' SQL Injection Vuln S
HTTP VMWare vCloud Director 9.7.0.15498291 Remote Code Execution S
HTTP We-Com Municipality Portal CMS 2.1.x 'keywords' SQL Injection Vuln S
HTTP WebLogic Server Deserialization Remote Code Execution S
HTTP WebPort 1.19.1 - 'log' Cross Site Scripting S
HTTP WebPort 1.19.1 - 'setup' Cross Site Scripting S
HTTP WordPress BBPress 2.5 Privilege Escalation S
HTTP WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload S
HTTP WordPress Form Maker 5.4.1 'S' SQL Injection Vuln S
HTTP WordPress Multi-Scheduler 1.0.0 'Delete Records' CSRF Vuln (From Server) S
HTTP WordPress Multi-Scheduler 1.0.0 'Delete Records' CSRF Vuln (To Server) S
HTTP WordPress Ultimate Addons For Beaver Builder 1.2.4.1 Authentication Bypass S
UDP BIND TSIG Denial Of Service S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
