Traffic File Update - September 2020

This Traffic IQ Professional update for September 2020 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for September 2020

138 Application Exploits

FTP Pachev FTP Server 1.0 Path Traversal S
HTTP 1CRM 8.6.7 Insecure Direct Object Reference S
HTTP Anchor CMS 0.12.7 Cross-Site Scripting Vuln (From Server) S
HTTP Anchor CMS 0.12.7 Cross-Site Scripting Vuln (To Server) S
HTTP AnyDesk GUI Format String Write S
HTTP Artica 4.3.000000 Authentication Bypass Command Injection S
HTTP B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution S
HTTP B-swiss 3 Digital Signage System 3.6.5 Database Disclosure S
HTTP BigTree CMS 4.4.10 - 'table' SQL Injection S
HTTP BigTree CMS 4.4.10 - Remote Code Execution S
HTTP BigTree CMS 4.4.10 - Stored Cross-Site Scripting S
HTTP BlackCat CMS 1.3.6 'Amend User Permissions' CSRF Vuln (From Server) S
HTTP BlackCat CMS 1.3.6 'Amend User Permissions' CSRF Vuln (To Server) S
HTTP Bolt CMS 3.7.0 XSS S
HTTP Cabot 0.11.12 Cross Site Scripting S
HTTP CMS Made Simple 2.2.14 Shell Upload S
HTTP Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution S
HTTP CuteNews 2.1.2 Authentication Bypass S
HTTP CuteNews 2.1.2 Remote Code Execution S
HTTP D-Link DGS-1210-28 Denial Of Service S
HTTP ElkarBackup 1.3.3 'name' Cross-Site Scripting Vuln S
HTTP Flatpress Add Blog 1.0.3 'admin.php' Cross-Site Scripting Vuln (From Server) S
HTTP Flatpress Add Blog 1.0.3 'admin.php' Cross-Site Scripting Vuln (To Server) S
HTTP Fuel CMS 1.4.8 'fuel_replace_id' SQL Injection Vuln (From Server) S
HTTP Fuel CMS 1.4.8 'fuel_replace_id' SQL Injection Vuln (To Server) S
HTTP GetSimple CMS Multi User 1.8.2 'Add Admin' CSRF Vuln (From Server) S
HTTP GetSimple CMS Multi User 1.8.2 'Add Admin' CSRF Vuln (To Server) S
HTTP GetSimple CMS Multi User 1.8.2 'Delete User or Admin' CSRF Vuln (From Server) S
HTTP GetSimple CMS Multi User 1.8.2 'Delete User or Admin' CSRF Vuln (To Server) S
HTTP Grocy 2.7.1 Cross Site Scripting S
HTTP Jenkins 2.56 CLI Deserialization Code Execution S
HTTP Joomla Adagency 6.1.2 'id' Cross-Site Scripting Vuln S
HTTP Joomla GMapFP J3.5 J3.5F Arbitrary File Upload S
HTTP Joomla! paGO Commerce 2.5.9.0 'filter_published' SQL Injection Vuln (From Server) S
HTTP Joomla! paGO Commerce 2.5.9.0 'filter_published' SQL Injection Vuln (To Server) S
HTTP Joplin 1.0.245 Arbitrary Code Execution S
HTTP LimeSurvey 4.3.10 'Surveymenu[parent_id]' Cross-Site Scripting Vuln S
HTTP LimeSurvey 4.3.10 'Surveymenu[title]' Cross-Site Scripting Vuln S
HTTP ManageEngine Applications Manager Authenticated Remote Code Execution S
HTTP ManageEngine Desktop Central Deserialization Remote Code Execution S
HTTP Mara CMS 7.5 - Remote Code Execution (Authenticated) S
HTTP Microsoft SQL Server Reporting Services 2016 Remote Code Execution S
HTTP Mida eFramework 2.8.9 Remote Code Execution S
HTTP Mida Solutions eFramework ajaxreq.php Command Injection S
HTTP Mobile Shop System 1.0 'login.php' SQL Injection Vuln (From Server) S
HTTP Mobile Shop System 1.0 'login.php' SQL Injection Vuln (To Server) S
HTTP Mobile Shop System 1.0 'LoginAsAdmin.php' SQL Injection Vuln (From Server) S
HTTP Mobile Shop System 1.0 'LoginAsAdmin.php' SQL Injection Vuln (To Server) S
HTTP MonoCMS Blog 1.0 - Arbitrary File Deletion S
HTTP moziloCMS 2.0 Cross Site Scripting S
HTTP Navy Federal 'Type' Cross-Site Scripting Vuln S
HTTP Online Book Store 1.0 'id' SQL Injection Vuln S
HTTP Online Food Ordering System 1.0 Remote Code Execution S
HTTP Online Shop Project 1.0 'p' SQL Injection Vuln S
HTTP Online Shopping Alphaware 1.0 Insecure Direct Object Reference S
HTTP Online Shopping Alphaware 1.0 Unauthorized Administrative Access S
HTTP OS4Ed openSIS 'course_period_id' SQL Injection Vuln S
HTTP OS4Ed openSIS 'id' SQL Injection Vuln S
HTTP OS4Ed openSIS 'meet_date' SQL Injection Vuln S
HTTP OS4Ed openSIS CheckDuplicateStudent.php - 'bday' SQL injection S
HTTP OS4Ed openSIS CheckDuplicateStudent.php - 'bmonth' SQL injection S
HTTP OS4Ed openSIS CheckDuplicateStudent.php - 'byear' SQL injection S
HTTP OS4Ed openSIS CheckDuplicateStudent.php - 'fn' SQL injection S
HTTP OS4Ed openSIS CheckDuplicateStudent.php - 'ln' SQL injection S
HTTP OS4Ed openSIS CheckDuplicateStudent.php - 'mn' SQL injection S
HTTP OS4Ed openSIS ChooseCP.php - 'id' SQL injection S
HTTP OS4Ed openSIS CourseMoreInfo.php - 'id' SQL injection S
HTTP OS4Ed openSIS DownloadWindow.php - 'down_id' SQL injection S
HTTP OS4Ed openSIS EmailCheck.php - 'email' SQL injection S
HTTP OS4Ed openSIS EmailCheckOthers.php - 'email' SQL injection S
HTTP OS4Ed openSIS GetSchool.php - 'u' SQL injection S
HTTP OS4Ed openSIS Index.php - 'username' SQL injection S
HTTP OS4Ed openSIS MassDropModal.php - 'id' SQL injection S
HTTP OS4Ed openSIS Modules.php - Path Traversal S
HTTP OS4Ed openSIS ResetUserInfo.php - 'password_stf_email' SQL injection S
HTTP OS4Ed openSIS ResetUserInfo.php - 'uname' SQL injection S
HTTP OS4Ed openSIS ResetUserInfo.php - 'username_stf_email' SQL injection S
HTTP OS4Ed openSIS Validator.php - 'stfid' SQL injection S
HTTP Piwigo 2.10.1 'file' Cross-Site Scripting Vuln S
HTTP ProjectWorlds Online Shopping System 'cart_add.php' SQL Injection Vuln S
HTTP RAD SecFlow-1v SF_0290_2.3.01.26 - CSRF (Reboot) (From Server) S
HTTP RAD SecFlow-1v SF_0290_2.3.01.26 - CSRF (Reboot) (To Server) S
HTTP Red Lion N-Tron 702-W 702M12-W 2.0.26 CSRF (From Server) S
HTTP Red Lion N-Tron 702-W 702M12-W 2.0.26 CSRF (To Server) S
HTTP Red Lion N-Tron 702-W 702M12-W 2.0.26 Reflected XSS S
HTTP Red Lion N-Tron 702-W 702M12-W 2.0.26 Stored XSS S
HTTP Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery (From Server) S
HTTP Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery (To Server) S
HTTP Seat Reservation System 1.0 'id' SQL Injection Vuln S
HTTP Seat Reservation System 1.0 'password' SQL Injection Vuln (From Server) S
HTTP Seat Reservation System 1.0 'password' SQL Injection Vuln (To Server) S
HTTP Seat Reservation System 1.0 'username' SQL Injection Vuln (From Server) S
HTTP Seat Reservation System 1.0 'username' SQL Injection Vuln (To Server) S
HTTP Seat Reservation System 1.0 Shell Upload S
HTTP Sickbeard 0.1 Command Injection S
HTTP Simple Online Food Ordering System 1.0 'view_prod.php' SQL Injection Vuln S
HTTP SiteMagic CMS 4.4.2 Shell Upload S
HTTP Sony IPELA Network Camera Remote Stack Buffer Overflow S
HTTP SpamTitan 7.07 - Security Bypass S
HTTP SpamTitan 7.07 Arbitrary File Read (CVE-2020-11700) S
HTTP SpamTitan 7.07 Remote Code Execution (CVE-2020-11699) S
HTTP SpamTitan 7.07 Remote Code Execution (CVE-2020-11803) S
HTTP SpamTitan 7.07 Remote Code Execution (CVE-2020-11804) S
HTTP SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure S
HTTP SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration S
HTTP Symphony CMS 3.0.0 'fields[body]' Cross-Site Scripting Vuln (From Server) S
HTTP Symphony CMS 3.0.0 'fields[body]' Cross-Site Scripting Vuln (To Server) S
HTTP Tailor Management System 'addmeasurement.php' SQL Injection Vuln S
HTTP Tailor Management System 'staffcatedit.php' SQL Injection Vuln S
HTTP Tailor Management System 'staffedit.php' SQL Injection Vuln S
HTTP Tailor MS 1.0 Cross Site Scripting S
HTTP Tea LaTex 1.0 Remote Code Execution S
HTTP ThinkAdmin 6 Arbitrary File Read S
HTTP Travel Management System 1.0 SQL Injection Vuln S
HTTP UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation (From Server) S
HTTP UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation (To Server) S
HTTP vBulletin 'type' Cross-Site Scripting Vuln S
HTTP Visitor Management System In PHP 1.0 'rid' SQL Injection Vuln S
HTTP VTENEXT 19 CE - File Upload S
HTTP VTENEXT 19 CE - Remote Code Execution S
HTTP Warehouse Inventory System 1.0 - CSRF (Change Admin Password) (From Server) S
HTTP Warehouse Inventory System 1.0 - CSRF (Change Admin Password) (To Server) S
HTTP WordPress Click To Top 1.2.7 Cross-Site Scripting Vuln S
HTTP WordPress Colorbox Lightbox 1.1.2 'hyperlink' Cross-Site Scripting Vuln S
HTTP Wordpress Easy Media Download 1.1.4 'text' Cross-Site Scripting Vuln S
HTTP WordPress Elegant Testimonial 1.1.6 'company' Cross-Site Scripting Vuln S
HTTP WordPress Elegant Testimonial 1.1.6 'name' Cross-Site Scripting Vuln S
HTTP WordPress Elegant Testimonial 1.1.6 'text' Cross-Site Scripting Vuln S
HTTP WordPress Fancybox Lightbox 1.0.1 'hyperlink' Cross-Site Scripting Vuln S
HTTP WordPress NextGen Gallery Sell Photo 1.0.5 Cross-Site Scripting Vuln S
HTTP WordPress Responsive Lightbox2 1.0.2 'hyperlink' Cross-Site Scripting Vuln S
HTTP WordPress Sell Photo 1.0.5 Cross-Site Scripting Vuln S
HTTP XenForo 2.1.10 Patch 2 'description' Cross-Site Scripting Vuln S
HTTP XenForo 2.1.10 Patch 2 'title' Cross-Site Scripting Vuln S
HTTP Yaws 2.0.7 Command Injection S
HTTP Yaws 2.0.7 XML Injection S
HTTP ZTE F602W CAPTCHA Bypass S
UDP Kamailio 5.4.0 Header Smuggling S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
