Traffic File Update - May 2020

This Traffic IQ Professional update for May 2020 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for May 2020

170 Application Exploits

CloudMe 1.11.2 Buffer Overflow S
CloudMe 1.11.2 SEH DEP ASLR Buffer Overflow S
Druva inSync Windows Client 6.5.2 Privilege Escalation S
FTP Filetto 1.0 Denial Of Service S
FTP Konica Minolta FTP Utility 1.0 - 'LIST' Denial Of Service S
FTP Konica Minolta FTP Utility 1.0 - 'NLST' Denial Of Service S
HTTP ACal 2.2.6 Reflected Cross Site Scripting S
HTTP ACal 2.2.6 Remote Code Execution S
HTTP Apache OFBiz 17.12.03 'Account Takeover' CSRF Vuln (From Server) S
HTTP Apache OFBiz 17.12.03 'Account Takeover' CSRF Vuln (To Server) S
HTTP Apache Shiro 1.2.4 Remote Code Execution S
HTTP Apple Air Sender 1.0.2 Arbitrary File Upload Vuln S
HTTP Apple Air Sender 1.0.2 Arbitrary File Upload Vuln_1 S
HTTP Apple Easy Transfer 1.7 'path' Directory Traversal Vuln S
HTTP ATutor LMS 2.2.4 Weak Password Reset Hash S
HTTP BoltWire 6.03 'action' Directory Traversal Vuln S
HTTP Car Park Management System 1.0 'Password' SQL Injection Vuln S
HTTP Car Park Management System 1.0 'Phone' SQL Injection Vuln S
HTTP ChemInv 1 'proj_list.php' Cross-Site Scripting Vuln S
HTTP Chrome ReadableStreamClose Out-Of-Bounds Access S
HTTP Chrome TyperVisitorTypeInductionVariablePhi Type Inference S
HTTP Code Blocks 16.01 Buffer Overflow S
HTTP Craft CMS 3 vCard 1.0.0 Remote Code Execution S
HTTP CuteNews 2.1.2 Authenticated Shell Upload S
HTTP CuteNews 2.1.2 Security Bypass S
HTTP E-Commerce System 1.0 Remote Code Execution S
HTTP E-Commerce System 1.0 SQL Injection S
HTTP Edimax EW-7438RPn Information Disclosure S
HTTP EspoCRM 5.8.5 Privilege Escalation S
HTTP Extreme Networks Aerohive HiveOS 11.x Denial Of Service S
HTTP Firefox jsReadableStreamCloseInternal Out-Of-Bounds Access S
HTTP Fishing Reservation System 'code' SQL Injection Vuln S
HTTP Fishing Reservation System 'm' SQL Injection Vuln S
HTTP Fishing Reservation System 'pid' SQL Injection Vuln S
HTTP Fishing Reservation System 'type' SQL Injection Vuln S
HTTP Fishing Reservation System 'uid' SQL Injection Vuln S
HTTP Fishing Reservation System 'y' SQL Injection Vuln S
HTTP Folder Lock 3.4.5 'Create Folder' Cross-Site Scripting Vuln S
HTTP Folder Lock 3.4.5 'path' Cross-Site Scripting Vuln S
HTTP Folder Lock 3.4.5 'path' Cross-Site Scripting Vuln_1 S
HTTP Forma Association LMS E-Learning Suite 2.3.0.2 'Course_Box_Descr' XSS Vuln S
HTTP Forma Association LMS E-Learning Suite 2.3.0.2 'Course_Code' Cross Site Scripting Vuln S
HTTP Forma Association LMS E-Learning Suite 2.3.0.2 'Course_Descr' Cross Site Scripting Vuln S
HTTP Forma Association LMS E-Learning Suite 2.3.0.2 'Course_Name' Cross Site Scripting Vuln S
HTTP Forma Association LMS E-Learning Suite 2.3.0.2 'Email' Cross Site Scripting Vuln S
HTTP Forma.LMS 5.6.40 Cross Site Request Forgery S
HTTP Geeklog 2.2.1 'comment.php' SQL Injection Vuln S
HTTP Geeklog 2.2.1 'plugins.php' Cross-Site Scripting Vuln S
HTTP Geeklog 2.2.1 'plugins.php' Cross-Site Scripting Vuln_1 S
HTTP Gym Management System 1.0 Remote Code Execution S
HTTP HP LinuxKI 6.01 Remote Command Injection S
HTTP Huawei HG630 2 Router Authentication Bypass S
HTTP i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion Vuln S
HTTP IBM QRadar Community Edition 7.3.1.6 Cross-Site Scripting Vuln S
HTTP iJoomla AdAgency 6.0.9 'advertiser_status' SQL Injection Vuln S
HTTP IQrouter 3.3.1 - 'email' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'guestwifi_2g_ssid' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'guestwifi_5g_ssid' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'guest_key' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'set_security_answer' Remote Code Execution S
HTTP IQrouter 3.3.1 - 'zonename' Remote Code Execution S
HTTP Joomla XCloner Backup 3.5.3 Local File Disclosure S
HTTP Kartris 1.6 Arbitrary File Upload S
HTTP Kentico CMS 12.0.14 Remote Command Execution S
HTTP LANCOM WLAN Controller 'Password' Cross-Site Scripting Vuln S
HTTP LANCOM WLAN Controller 'Refreshuser' Cross-Site Scripting Vuln S
HTTP LANCOM WLAN Controller 'Userid' Cross-Site Scripting Vuln S
HTTP LibreNMS 1.46 - 'alert-rules' SQL Injection S
HTTP LibreNMS 1.46 - 'group' SQL Injection S
HTTP Mahara 19.10.2 'descripcion' Cross-Site Scripting Vuln S
HTTP Mahara 19.10.2 'nombre' Cross-Site Scripting Vuln S
HTTP Maian Support Helpdesk 4.3 'Add Admin User' CSRF Vuln (From Server) S
HTTP Maian Support Helpdesk 4.3 'Add Admin User' CSRF Vuln (To Server) S
HTTP ManageEngine DataSecurity Plus Authentication Bypass S
HTTP MPC Sharj 3.11.1 Arbitrary File Download S
HTTP Netis E1+ 1.2.32533 Password Leak S
HTTP Netlink XPON 1GE WiFi V2801RGW Remote Command Execution S
HTTP Netsweeper WebAdmin unixlogin.php Python Code Injection S
HTTP NSClient++ 0.5.2.35 Authenticated Remote Code Execution S
HTTP Online AgroCulture Farm Management System 1.0 'pid' SQL Injection Vuln S
HTTP Online AgroCulture Farm Management System 1.0 'uname' SQL Injection Vuln S
HTTP Online Clothing Store 1.0 Arbitrary File Upload Vuln (From Server) S
HTTP Online Clothing Store 1.0 Arbitrary File Upload Vuln (To Server) S
HTTP Online Course Registration 2.0 - 'username' SQL Injection S
HTTP Online Scheduling System 1.0 'Course_Code' Cross-Site Scripting Vuln S
HTTP Online Scheduling System 1.0 'Course_Name' Cross-Site Scripting Vuln S
HTTP Online Scheduling System 1.0 'username' SQL Injection Vuln (From Server) S
HTTP Online Scheduling System 1.0 'username' SQL Injection Vuln (To Server) S
HTTP Open-AudIT 3.3.0 Cross-Site Scripting Vuln S
HTTP OpenEMR Remote Code Execution S
HTTP OpenZ ERP 3.6.60 'inpname' Cross-Site Scripting Vuln S
HTTP Oracle Hospitality RES 3700 5.7 Remote Code Execution S
HTTP Orchard Core RC1 'Create Blog' Cross-Site Scripting Vuln (From Server) S
HTTP Orchard Core RC1 'Create Blog' Cross-Site Scripting Vuln (To Server) S
HTTP Orchard Core RC1 'Edit Blog' Cross-Site Scripting Vuln (From Server) S
HTTP Orchard Core RC1 'Edit Blog' Cross-Site Scripting Vuln (To Server) S
HTTP osTicket 1.14.1 'name' Cross-Site Scripting Vuln S
HTTP Pandora FMS Ping Authenticated Remote Code Execution S
HTTP PersianScript Hits Script 1.0 'custom' SQL Injection Vuln S
HTTP PersianScript Hits Script 1.0 'item_name' SQL Injection Vuln S
HTTP PersianScript Hits Script 1.0 'item_number' SQL Injection Vuln S
HTTP PersianScript Hits Script 1.0 'mc_gross' SQL Injection Vuln S
HTTP PersianScript Hits Script 1.0 'PlusREF' SQL Injection Vuln S
HTTP PersianScript Hits Script 1.0 'register' SQL Injection Vuln S
HTTP PHP-Fusion 9.03.50 Cross-Site Scripting Vuln (From Server) S
HTTP PHP-Fusion 9.03.50 Cross-Site Scripting Vuln (To Server) S
HTTP PHP-Fusion 9.03.50 Cross-Site Scripting Vuln_1 (From Server) S
HTTP PHP-Fusion 9.03.50 Cross-Site Scripting Vuln_1 (To Server) S
HTTP PHPGurukul Complaint Management System 4.2 'Delete User' CSRF Vuln (From Server) S
HTTP PHPGurukul Complaint Management System 4.2 'Delete User' CSRF Vuln (To Server) S
HTTP PhreeBooks ERP 5.2.5 File Upload S
HTTP PhreeBooks ERP 5.2.5 Remote Command Execution S
HTTP Pi-Hole 3.3 Command Execution S
HTTP Pi-hole 4.4 Remote Code Execution S
HTTP Pisay Online E-Learning System 1.0 - 'id' SQL Injection S
HTTP Pisay Online E-Learning System 1.0 - 'user_email' SQL Injection S
HTTP Pisay Online E-Learning System 1.0 Code Execution S
HTTP POS PHP 17.5 Cross-Site Scripting Vuln (From Server) S
HTTP POS PHP 17.5 Cross-Site Scripting Vuln (To Server) S
HTTP POS PHP 17.5 Cross-Site Scripting Vuln_1 (From Server) S
HTTP POS PHP 17.5 Cross-Site Scripting Vuln_1 (To Server) S
HTTP Project Open CMS 5.0.3 'bread_crum_path' Cross-Site Scripting Vuln S
HTTP Project Open CMS 5.0.3 'bread_crum_path' Cross-Site Scripting Vuln_1 S
HTTP Project Open CMS 5.0.3 'conf_item_id' SQL Injection Vuln S
HTTP Project Open CMS 5.0.3 'forum_order_by' SQL Injection Vuln S
HTTP Project Open CMS 5.0.3 'orderby' SQL Injection Vuln S
HTTP Project Open CMS 5.0.3 'rel_path' Cross-Site Scripting Vuln S
HTTP QRadar Community Edition 7.3.1.6 Default Credentials S
HTTP School ERP Pro 1.0 'es_messagesid' SQL Injection Vuln S
HTTP School ERP Pro 1.0 'pre-editstudent.inc.php' Remote Code Execution Vuln (From Server) S
HTTP School ERP Pro 1.0 'pre-editstudent.inc.php' Remote Code Execution Vuln (To Server) S
HTTP School ERP Pro 1.0 'sendmail.inc.php' Remote Code Execution Vuln (From Server) S
HTTP School ERP Pro 1.0 'sendmail.inc.php' Remote Code Execution Vuln (To Server) S
HTTP Sentrifugo CMS 3.2 'expense_name' Cross-Site Scripting Vuln S
HTTP SMACom 1.2.0 - 'image' Insecure Transit Password Disclosure S
HTTP SMACom 1.2.0 - 'movie' Insecure Transit Password Disclosure S
HTTP SolarWinds MSP PME Cache Service Insecure File Permissions Code Execution S
HTTP Subrion CMS 4.2.1 'Remove Files' CSRF Vuln (From Server) S
HTTP Subrion CMS 4.2.1 'Remove Files' CSRF Vuln (To Server) S
HTTP Subrion CMS 4.2.1 'v[language_switch]' Cross-Site Scripting Vuln S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln (From Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln (To Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_1 (From Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_1 (To Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_2 (From Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_2 (To Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_3 (From Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_3 (To Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_4 (From Server) S
HTTP TAO Open Source Assessment Platform 3.3.0 RC02 XSS Vuln_4 (To Server) S
HTTP Tiny MySQL 'table' Cross-Site Scripting Vuln S
HTTP TP-LINK Cloud Cameras NCXXX Bonjour Command Injection S
HTTP TrixBox CE 2.8.0.4 Command Execution S
HTTP Tryton 5.4 'Name' Cross-Site Scripting Vuln S
HTTP TylerTech Eagle 2018.3.11 Remote Code Execution S
HTTP Victor CMS 1.0 'comment_author' Cross Site Scripting Vuln (From Server) S
HTTP Victor CMS 1.0 'comment_author' Cross Site Scripting Vuln (To Server) S
HTTP Victor CMS 1.0 'Post' SQL Injection Vuln S
HTTP Victor CMS 1.0 - 'user_firstname' Cross Site Scripting S
HTTP Victor CMS 1.0 - 'user_lastname' Cross Site Scripting S
HTTP Victor CMS 1.0 - 'user_name' Cross Site Scripting S
HTTP webERP 4.15.1 Backup Disclosure S
HTTP WebKit AudioArrayallocate Data Race Out-Of-Bounds Access S
HTTP webTareas 2.0.p8 Arbitrary File Deletion Vuln (From Server) S
HTTP webTareas 2.0.p8 Arbitrary File Deletion Vuln (To Server) S
HTTP WordPress WooCommerce Advanced Order Export 3.1.3 'woe_post_type' XSS Vuln S
HTTP Xinfire DVD Player 5.5.0.0 Buffer Overflow S
HTTP Xinfire TV Player 6.0.1.2 Buffer Overflow S
Oracle WebLogic Server 12.2.1.4.0 Remote Code Execution S
Veeam ONE Agent .NET Deserialization S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.