Traffic File Update - November 2020

This Traffic IQ Professional update for November 2020 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

143 Application Exploits

HTTP Apache Flink 1.9.x Remote Code Execution S
HTTP Apache Flink 1.9.x Shell Upload S
HTTP Apache Struts 2.5.20 Double OGNL Evaluation S
HTTP ASUS TM-AC1900 Arbitrary Command Execution S
HTTP Best Support System 3.0.4 Cross-Site Scripting (From Server) S
HTTP Best Support System 3.0.4 Cross-Site Scripting (To Server) S
HTTP BlogEngine 3.3.8 Cross Site Scripting S
HTTP Car Rental Management System 1.0 'img' Shell Upload S
HTTP Car Rental Management System 1.0 'save_car' Shell Upload S
HTTP Car Rental Management System 1.0 - Arbitrary File Upload S
HTTP Car Rental Management System 1.0 booking.php - 'car_id' SQL injection S
HTTP Car Rental Management System 1.0 SQL Injection S
HTTP Car Rental Management System 1.0 viewbill.php - 'id' SQL injection S
HTTP Citadel WebCit Session Hijacking S
HTTP CMS Made Simple 2.1.6 Server-Side Template Injection S
HTTP CMSUno 1.6.2 'lang' Remote Code Execution S
HTTP CMSUno 1.6.2 Remote Code Execution S
HTTP Complaints Report Management System 1.0 Remote Code Execution S
HTTP Complaints Report Management System 1.0 SQL Injection S
HTTP Customer Support System 1.0 ajax.php - 'Admin Account Takeover' CSRF (From Server) S
HTTP Customer Support System 1.0 ajax.php - 'Admin Account Takeover' CSRF (To Server) S
HTTP Customer Support System 1.0 ajax.php - 'Description' Cross-Site Scripting (From Server) S
HTTP Customer Support System 1.0 ajax.php - 'Description' Cross-Site Scripting (To Server) S
HTTP Customer Support System 1.0 ajax.php - 'Password' SQL injection (From Server) S
HTTP Customer Support System 1.0 ajax.php - 'Password' SQL injection (To Server) S
HTTP Customer Support System 1.0 ajax.php - 'Username' SQL injection (From Server) S
HTTP Customer Support System 1.0 ajax.php - 'Username' SQL injection (To Server) S
HTTP ElkarBackup 1.3.3 Policy - 'Policy[Description]' Cross-Site Scripting (From Server) S
HTTP ElkarBackup 1.3.3 Policy - 'Policy[Description]' Cross-Site Scripting (To Server) S
HTTP ElkarBackup 1.3.3 Policy - 'Policy[name]' Cross-Site Scripting (From Server) S
HTTP ElkarBackup 1.3.3 Policy - 'Policy[Name]' Cross-Site Scripting (To Server) S
HTTP Fortinet FortiOS 6.0.4 Password Modification S
HTTP Foxit Reader 9.7.1 Remote Command Execution S
HTTP FreeType Load_SBit_Png Heap Buffer Overflow S
HTTP Froxlor 0.10.16 admin_customers.php - 'Firstname' Cross-Site Scripting S
HTTP Froxlor 0.10.16 admin_customers.php - 'Name' Cross-Site Scripting S
HTTP Froxlor 0.10.16 admin_customers.php - 'Username' Cross-Site Scripting S
HTTP Gemtek WVRTM-127ACN 01.01.02.141 Command Injection S
HTTP HorizontCMS 1.0.0-beta Shell Upload S
HTTP Hotel Management System 1.0 Remote Code Execution S
HTTP Hrsale 2.0.0 - Local File Inclusion S
HTTP iDS6 DSSPro Digital Signage System 6.2 'Add User' CSRF (From Server) S
HTTP iDS6 DSSPro Digital Signage System 6.2 'Add User' CSRF (To Server) S
HTTP iDS6 DSSPro Digital Signage System 6.2 'admin' Password Disclosure S
HTTP iDS6 DSSPro Digital Signage System 6.2 'regular' Password Disclosure S
HTTP iDS6 DSSPro Digital Signage System 6.2 Get CAPTCHA Code S
HTTP iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation 'Create Role' S
HTTP iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation 'Create User' S
HTTP iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation 'Delete User' S
HTTP iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation 'List Roles' S
HTTP iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation 'List Users' S
HTTP iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation 'Role Permissions' S
HTTP iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation 'Update Role' S
HTTP iDS6 DSSPro Digital Signage System 6.2 Use CAPTCHA Code S
HTTP Joomla SIGE 3.4.1-FREE 3.5.3-PRO print.php - 'img' Local File Inclusion S
HTTP Joomla SIGE 3.4.1-FREE 3.5.3-PRO print.php - 'Name' Cross-Site Scripting S
HTTP Joomla SIGE 3.4.1-FREE 3.5.3-PRO print.php - 'Title' Cross-Site Scripting S
HTTP MMonit 3.7.4 Password Disclosure S
HTTP MMonit 3.7.4 Privilege Escalation S
HTTP Monitorr 1.7.6m Authorization Bypass S
HTTP Monitorr 1.7.6m Remote Code Execution S
HTTP Multi Restaurant Table Res Sys 1.0 manage-insert.php - 'Tablename' XSS (From Server) S
HTTP Multi Restaurant Table Res Sys 1.0 manage-insert.php - 'Tablename' XSS (To Server) S
HTTP Multi Restaurant Table Reservation Sys 1.0 menu-list.php - 'Food_type' XSS (From Server) S
HTTP Multi Restaurant Table Reservation Sys 1.0 menu-list.php - 'Food_type' XSS (To Server) S
HTTP Multi Restaurant Table Reservation Sys 1.0 menu-list.php - 'Itemname' XSS (From Server) S
HTTP Multi Restaurant Table Reservation Sys 1.0 menu-list.php - 'Itemname' XSS (To Server) S
HTTP Multi Restaurant Table Reservation Sys 1.0 menu-list.php - 'Madeby' XSS (From Server) S
HTTP Multi Restaurant Table Reservation Sys 1.0 menu-list.php - 'Madeby' XSS (To Server) S
HTTP Multi Restaurant Table Reservation Sys 1.0 view-chair-list.php - 'table_id' SQL inj S
HTTP Multi Restaurant Table Reservation System 1.0 profile.php - 'Fullname' XSS (From Server) S
HTTP Multi Restaurant Table Reservation System 1.0 profile.php - 'Fullname' XSS (To Server) S
HTTP Nagios Log Server 2.1.7 create_snapshot - 'snapshot_name' XSS (From Server) S
HTTP Nagios Log Server 2.1.7 create_snapshot - 'snapshot_name' XSS (To Server) S
HTTP nopCommerce Store 4.30 TaskUpdate - 'Name' Cross-Site Scripting (From Server) S
HTTP nopCommerce Store 4.30 TaskUpdate - 'Name' Cross-Site Scripting (To Server) S
HTTP Online Book Store 1.0 SQL Injection S
HTTP Online Library Management System 1.0 Shell Upload S
HTTP Online News Portal Local File Inclusion S
HTTP OpenCart 3.0.3.6 index.php - 'Subject' Cross-Site Scripting (From Server) S
HTTP OpenCart 3.0.3.6 index.php - 'Subject' Cross-Site Scripting (To Server) S
HTTP Oracle Business Intelligence Enterprise Edition 'getPreviewImage' LFI S
HTTP Oracle Weblogic 10.3.6.0.0 Remote Command Execution S
HTTP osCommerce 2.3.4.1 newsletters.php - 'Title' Cross-Site Scripting (From Server) S
HTTP osCommerce 2.3.4.1 newsletters.php - 'Title' Cross-Site Scripting (To Server) S
HTTP OX App Suite OX Documents 7.10.3 diagnostic 'param' Cross-Site Scripting S
HTTP Pandora FMS 7.0 NG 749 ajax.php - 'Data' SQL injection S
HTTP PDW File Browser 1.3 File Manipulation S
HTTP PDW File Browser 1.3 Reflected Cross Site Scripting S
HTTP PDW File Browser 1.3 Shell Upload S
HTTP PDW File Browser 1.3 Stored Cross Site Scripting S
HTTP PESCMS TEAM 2.3.2 'id' Cross-Site Scripting S
HTTP PESCMS TEAM 2.3.2 'id' Cross-Site Scripting_1 S
HTTP PESCMS TEAM 2.3.2 'id' Cross-Site Scripting_2 S
HTTP PESCMS TEAM 2.3.2 'id' Cross-Site Scripting_3 S
HTTP PMB 5.6 Local File Disclosure Directory Traversal S
HTTP Point Of Sales 1.0 Cross Site Scripting S
HTTP Point Of Sales 1.0 SQL Injection S
HTTP Processwire CMS 2.4.0 Local File Inclusion S
HTTP ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution S
HTTP SaltStack Salt REST API Arbitrary Command Execution S
HTTP School Log Management System 1.0 Code Execution S
HTTP School Log Management System 1.0 SQL Injection S
HTTP Sentrifugo 3.2 'announcements' Remote Code Execution S
HTTP Sentrifugo 3.2 'assets' Remote Code Execution S
HTTP Sentrifugo 3.2 Shell Upload S
HTTP ShoreTel Conferencing 19.46.1802.0 index.php - 'PATH_INFO' Cross-Site Scripting S
HTTP Simple College Website 1.0 Code Execution S
HTTP Simple College Website 1.0 SQL Injection S
HTTP SmartBlog 2.0.1 Blind SQL Injection S
HTTP Sokrates SOWA SowaSQL sowacgi.php - 'typ' Cross-Site Scripting S
HTTP Sphider Search Engine 1.3.6 Remote Code Execution S
HTTP Student Attendance Management System 1.0 Code Execution S
HTTP Student Attendance Management System 1.0 SQL Injection S
HTTP SugarCRM 6.5.18 index.php - 'Alternate Address State' Cross-Site Scripting S
HTTP SugarCRM 6.5.18 index.php - 'Primary Address State' Cross-Site Scripting S
HTTP SuiteCRM 7.11.15 Admin Access S
HTTP SuiteCRM 7.11.15 Logfile CSRF S
HTTP SuiteCRM 7.11.15 Remote Code Execution S
HTTP TestBox CFML Test Framework 4.1.0 Arbitrary File Write Code Execution S
HTTP TestBox CFML Test Framework 4.1.0 index.cfm - 'path' Directory Traversal S
HTTP Trend Micro IMSVA - (CVE-2020-27016) CSRF (From Server) S
HTTP Trend Micro IMSVA - (CVE-2020-27016) CSRF (To Server) S
HTTP Trend Micro IMSVA - Server Side Request Forgery (SSRF) (CVE-2020-27018) S
HTTP Trend Micro IMSVA - XML External Entity Processing (XXE) (CVE-2020-27017) S
HTTP Typesetter CMS 5.1 Remote Code Execution (Authenticated) S
HTTP Ultimate Project Manager CRM PRO 2.05 SQL Injection S
HTTP User Reg & Login and User Management Sys 2.1 loginsystem - 'Password' SQL injection S
HTTP User Reg & Login and User Management Sys 2.1 loginsystem - 'User ID' SQL injection S
HTTP Water Billing System 1.0 edituser.php - 'id' SQL injection S
HTTP Water Billing System 1.0 process.php - 'Password' SQL injection (From Server) S
HTTP Water Billing System 1.0 process.php - 'Password' SQL injection (To Server) S
HTTP Water Billing System 1.0 process.php - 'Username' SQL injection (From Server) S
HTTP Water Billing System 1.0 process.php - 'Username' SQL injection (To Server) S
HTTP Wonder CMS 3.1.3 'Page' Cross-Site Scripting (From Server) S
HTTP Wonder CMS 3.1.3 'Page' Cross-Site Scripting (To Server) S
HTTP WonderCMS 3.1.3 uploadFile Cross-Site Scripting (From Server) S
HTTP WonderCMS 3.1.3 uploadFile Cross-Site Scripting (To Server) S
HTTP WordPress File Manager 6.8 Remote Code Execution S
HTTP WordPress Good LMS 2.1.4 lightbox-form.php - 'id' SQL injection Vuln S
HTTP WordPress Rest Google Maps index.php - 'fields' SQL injection S
HTTP xuucms 3 search.php - 'Keywords' SQL injection S
UDP QSC Q-SYS Core Manager 8.2.1 Directory Traversal S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.