Traffic IQ Professional
Traffic File Update for June 2020
165 Application Exploits
HTTP Agent Tesla Panel Remote Code Execution S
HTTP AirControl 1.4.2 Remote Code Execution S
HTTP Apache Tomcat CVE-2020-9484 Proof Of Concept S
HTTP Avaya IP Office 11 Insecure Transit Password Disclosure S
HTTP Bludit 3.9.12 Directory Traversal S
HTTP Bolt CMS 3.7.0 Authenticated Remote Code Execution S
HTTP Cayin CMS NTP Server 11.0 Remote Code Execution S
HTTP Cayin Content Management Server 11.0 Root Remote Command Injection S
HTTP Cayin Digital Signage System xPost 2.5 Code Execution SQL Injection S
HTTP Cayin Signage Media Player 3.0 Root Remote Command Injection S
HTTP Cisco UCS Director downloadFile Directory Traversal Information Disclosure S
HTTP Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass S
HTTP Clinic Management System 1.0 Remote Code Execution Vuln (From Server) S
HTTP Clinic Management System 1.0 Remote Code Execution Vuln (To Server) S
HTTP College Management System PHP 1.0 'pwdtxt' SQL Injection Vuln S
HTTP College Management System PHP 1.0 'unametxt' SQL Injection Vuln S
HTTP Crystal Shard http-protection 0.2.0 IP Spoofing Bypass S
HTTP CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit) S
HTTP Documalis Free PDF Editor Buffer Overflow S
HTTP Documalis Free PDF Scanner Buffer Overflow S
HTTP Dolibarr 11.0.3 'Host' Cross-Site Scripting Vuln S
HTTP Dolibarr 11.0.3 'Port' Cross-Site Scripting Vuln S
HTTP Dolibarr 11.0.3 'Slave' Cross-Site Scripting Vuln S
HTTP Enhancesoft OSTicket 1.14.1 'Queue-Name' Cross-Site Scripting Vuln S
HTTP Enhancesoft OSTicket 1.14.1 'Queue-Name' Cross-Site Scripting Vuln_1 S
HTTP EyouCMS 1.4.6 'Index.php' Cross-Site Scripting Vuln S
HTTP FileRun 2019.05.21 'filename' Cross-Site Scripting Vuln (From Server) S
HTTP FileRun 2019.05.21 'filename' Cross-Site Scripting Vuln (To Server) S
HTTP Gila CMS 1.1.18.1 SQL Injection Shell Upload S
HTTP GilaCMS 1.11.5 'id' Cross-Site Scripting Vuln S
HTTP GilaCMS 1.11.5 'option[about-text]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[about-text]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[about-title]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[about-title]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-email]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-email]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-phone]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-phone]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-text]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-text]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[contact-title]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[contact-title]' Cross Site Request Forgery (To Server) S
HTTP GilaCMS 1.11.5 'option[header-text]' Cross Site Request Forgery (From Server) S
HTTP GilaCMS 1.11.5 'option[header-text]' Cross Site Request Forgery (To Server) S
HTTP HFS Http File Server 2.3m Build 300 Buffer Overflow S
HTTP Inductive Automation Ignition Remote Code Execution S
HTTP Joomla J2 Store 3.3.11 'filter_order' SQL Injection Vuln S
HTTP Joomla J2 Store 3.3.11 'filter_order_Dir' SQL Injection Vuln S
HTTP Kronos WebTA 4.0 Information Disclosure S
HTTP Kronos WebTA 4.0 Privilege Escalation S
HTTP KuiCMS PHP EE 2.0 'Content' Cross-Site Scripting Vuln S
HTTP LimeSurvey 4.1.11 Permission Roles Cross-Site Scripting Vuln S
HTTP LimeSurvey 4.1.11 Permission Roles Cross-Site Scripting Vuln_1 S
HTTP LinuxKI Toolset 6.01 Remote Command Execution (MSF) S
HTTP Mereo 1.9.4 - 'GET' Denial Of Service S
HTTP Mereo 1.9.4 - 'HEAD' Denial Of Service S
HTTP Mikrotik Router Monitoring System 1.2.3 'Community' SQL Injection Vuln S
HTTP MJML 4.6.2 Path Traversal S
HTTP Monstra CMS 3.0.4 Authenticated Arbitrary File Upload Vuln (From Server) S
HTTP Monstra CMS 3.0.4 Authenticated Arbitrary File Upload Vuln (To Server) S
HTTP Navigate CMS 2.8.7 Cross Site Request Forgery (From Server) S
HTTP Navigate CMS 2.8.7 Cross Site Request Forgery (To Server) S
HTTP Navigate CMS 2.8.7 SQL Injection S
HTTP Neon LMS Shell Upload S
HTTP Neon LMS v4.6 MessagesController.php Cross-Site Scripting Vuln S
HTTP NeonLMS Learning Management System 'file' Directory Traversal Vuln S
HTTP NETGEAR R6700v3 Password Reset Remote Code Execution S
HTTP Netgear R7000 Router Remote Code Execution (From Server) S
HTTP Netgear R7000 Router Remote Code Execution (To Server) S
HTTP NOKIA VitalSuite SPM 2020 'UserName' SQL Injection Vuln (From Server) S
HTTP NOKIA VitalSuite SPM 2020 'UserName' SQL Injection Vuln (To Server) S
HTTP NukeViet VMS 4.4.00 'Add New User' CSRF Vuln (From Server) S
HTTP NukeViet VMS 4.4.00 'Add New User' CSRF Vuln (To Server) S
HTTP NukeViet VMS 4.4.00 'Change Admin Password' CSRF Vuln (From Server) S
HTTP NukeViet VMS 4.4.00 'Change Admin Password' CSRF Vuln (To Server) S
HTTP NukeViet VMS 4.4.00 'Deleting Log files' CSRF Vuln (From Server) S
HTTP NukeViet VMS 4.4.00 'Deleting Log files' CSRF Vuln (To Server) S
HTTP Odoo 12.0 - 'base' Local File Inclusion S
HTTP Odoo 12.0 - 'base_import' Local File Inclusion S
HTTP Odoo 12.0 - 'web' Local File Inclusion S
HTTP Online Chatting System 1.0 'id' SQL Injection Vuln S
HTTP Online Examination System 1.0 'eid' SQL Injection Vuln S
HTTP Online Marriage Registration System 1.0 Remote Code Execution S
HTTP Online Student Enrollment System 1.0 Arbitrary File Upload S
HTTP Online Student Enrollment System 1.0 Shell Upload S
HTTP Online-Exam-System 2015 'fid' SQL Injection Vuln S
HTTP Online-Exam-System 2015 SQL Injection S
HTTP OpenEMR 5.0.1 Remote Code Execution S
HTTP openSIS 7.4 'api_key' SQL Injection Vuln S
HTTP openSIS 7.4 'api_secret' SQL Injection Vuln S
HTTP openSIS 7.4 'api_secret' SQL Injection Vuln_1 S
HTTP openSIS 7.4 'course_id' SQL Injection Vuln S
HTTP openSIS 7.4 'event_id' SQL Injection Vuln S
HTTP openSIS 7.4 'student' SQL Injection Vuln S
HTTP Oriol Espinal CMS 1.0 'id' SQL Injection Vuln S
HTTP OXID eShop 6.3.4 'Sorting' SQL Injection Vuln S
HTTP PanaceaSoft Shell Upload S
HTTP Persian VIP Download Script 1.0 - 'active' SQL Injection S
HTTP PHP-Fusion 9.03.50 'ctype' SQL Injection Vuln S
HTTP PHP-Fusion 9.03.60 PHP Object Injection SQL Injection S
HTTP PHPGurukul Beauty Parlour Management System 1.0 'password' SQL Injection Vuln S
HTTP PHPGurukul Beauty Parlour Management System 1.0 'username' SQL Injection Vuln S
HTTP PHPGurukul Online Marriage Registration System 'haddress' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'hreligion' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'hstate' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'nofhusband' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'nofwife' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddress' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddressfirst' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddresssec' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'waddressthird' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'witnessnamef' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'witnessnames' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'witnessnamet' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'wreligion' Cross-Site Scripting Vuln S
HTTP PHPGurukul Online Marriage Registration System 'wstate' Cross-Site Scripting Vuln S
HTTP Pi-Hole 4.3.2 DHCP MAC OS Command Execution S
HTTP Pydio Cells 2.0.4 - Account Security Bypass (CVE-2020-12848) S
HTTP Pydio Cells 2.0.4 - Arbritrary File Read (CVE-2020-12851) S
HTTP Pydio Cells 2.0.4 - Arbritrary File Write (CVE-2020-12851) S
HTTP Pydio Cells 2.0.4 - File Uploads XSS (CVE-2020-12853) S
HTTP Pydio Cells 2.0.4 - Mailer Remote Code Execution (CVE-2020-12847) S
HTTP Pydio Cells 2.0.4 - Profile Pictures XSS (CVE-2020-12849) S
HTTP qdPM 9.1 'cfg[app_app_name]' Cross-Site Scripting Vuln (From Server) S
HTTP qdPM 9.1 'cfg[app_app_name]' Cross-Site Scripting Vuln (To Server) S
HTTP QNAP QTS And Photo Station 6.0.3 Remote Command Execution S
HTTP QuickBox Pro 2.1.8 Remote Code Execution S
HTTP Secure Computing SnapGear Management Console 'Add Super User' CSRF Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console 'Add Super User' CSRF Vuln (To Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Delete Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Delete Vuln (To Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Read Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Read Vuln (To Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Write Vuln (From Server) S
HTTP Secure Computing SnapGear Management Console Arbitrary File Write Vuln (To Server) S
HTTP Student Enrollment 1.0 Remote Code Execution S
HTTP Sysax MultiServer 6.90 'sid' Cross-Site Scripting Vuln S
HTTP TP-LINK Cloud Cameras NCXXX Stack Overflow S
HTTP Trend Micro InterScan Web Security Virtual Appliance Apache Solr Authentication Bypass S
HTTP Trend Micro InterScan Web Security Virtual Appliance Apache Solr Directory Traversal S
HTTP Trend Micro InterScan Web Security Virtual Appliance Command Injection RCE S
HTTP Victor CMS 1.0 'register.php' Cross-Site Scripting Vuln S
HTTP Victor CMS 1.0 'register.php' Cross-Site Scripting Vuln_1 S
HTTP Victor CMS 1.0 Shell Upload Vuln (From Server) S
HTTP Victor CMS 1.0 Shell Upload Vuln (To Server) S
HTTP Virtual Airlines Manager 2.6.2 'airport' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'event_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'hub_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'notam_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'pilot_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'plane_location' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'registry_id' SQL Injection Vuln S
HTTP Virtual Airlines Manager 2.6.2 'tour_id' SQL Injection Vuln S
HTTP VMWare vCloud Director 9.7.0.15498291 Remote Code Execution S
HTTP We-Com Municipality Portal CMS 2.1.x 'keywords' SQL Injection Vuln S
HTTP WebLogic Server Deserialization Remote Code Execution S
HTTP WebPort 1.19.1 - 'log' Cross Site Scripting S
HTTP WebPort 1.19.1 - 'setup' Cross Site Scripting S
HTTP WordPress BBPress 2.5 Privilege Escalation S
HTTP WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload S
HTTP WordPress Form Maker 5.4.1 'S' SQL Injection Vuln S
HTTP WordPress Multi-Scheduler 1.0.0 'Delete Records' CSRF Vuln (From Server) S
HTTP WordPress Multi-Scheduler 1.0.0 'Delete Records' CSRF Vuln (To Server) S
HTTP WordPress Ultimate Addons For Beaver Builder 1.2.4.1 Authentication Bypass S
UDP BIND TSIG Denial Of Service S