Traffic File Update - October 2020

This Traffic IQ Professional update for October 2020 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

Traffic IQ Professional

Traffic File Update for October 2020

150 Application Exploits

HTTP Agent Tesla Botnet 'get-log.php' Cross Site Scripting S
HTTP Agent Tesla Botnet 'get-screens.php' Cross Site Scripting S
HTTP Agent Tesla Botnet 'get-webcams.php' Cross Site Scripting S
HTTP Alumni Management System 1.0 index.php - 'password' SQL injection S
HTTP Alumni Management System 1.0 index.php - 'username' SQL injection S
HTTP Apache Struts 2 Remote Code Execution S
HTTP berliCRM 1.0.24 index.php - 'src_record' SQL injection (From Server) S
HTTP berliCRM 1.0.24 index.php - 'src_record' SQL injection (To Server) S
HTTP BlogEngine 3.3 Open Redirection S
HTTP BlogEngine 3.3 XML Injection S
HTTP BrightSign Digital Signage Diagnostic Web Server 8.2.26 'url' Server-Side RF S
HTTP Chrome MediaElementEventListenerUpdateSources Use-After-Free S
HTTP Cisco ASA FTD 9.6.4.42 Path Traversal S
HTTP Company Visitor Management System 1.0 index.php - 'password' SQL Injection S
HTTP Company Visitor Management System 1.0 index.php - 'username' SQL Injection S
HTTP CS-Cart 1.3.3 Local File Inclusion S
HTTP CSE Bookstore 1.0 SQL Injection S
HTTP D-Link DSR-250N Denial Of Service S
HTTP DedeCMS 5.8 Cross Site Scripting S
HTTP DynPG 4.9.1 index.php - 'NEW_GROUP_NAME' Cross-Site Scripting (From Server) S
HTTP DynPG 4.9.1 index.php - 'NEW_GROUP_NAME' Cross-Site Scripting (To Server) S
HTTP EasyPMS 1.0.0 Authentication Bypass S
HTTP EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Bypass S
HTTP Employee Management Sys 1.0 addemp.php - 'firstName' Cross-Site Scripting (From Server) S
HTTP Employee Management Sys 1.0 addemp.php - 'firstName' Cross-Site Scripting (To Server) S
HTTP Employee Management Sys 1.0 addemp.php - 'lastName' Cross-Site Scripting (From Server) S
HTTP Employee Management Sys 1.0 addemp.php - 'lastName' Cross-Site Scripting (To Server) S
HTTP Employee Management System 1.0 alogin.php - 'password' SQL injection S
HTTP Employee Management System 1.0 alogin.php - 'username' SQL injection S
HTTP FTP2FTP 1.0 download2.php - 'id' Directory Traversal S
HTTP Garfield Petshop 2020-10-01 Cross Site Request Forgery S
HTTP Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery (From Server) S
HTTP Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery (To Server) S
HTTP GetSimple CMS 3.3.16 settings.php - 'permalink' Cross-Site Scripting S
HTTP Gym Management System 1.0 'description' Cross Site Scripting S
HTTP Gym Management System 1.0 'id' SQL Injection S
HTTP Gym Management System 1.0 'package' Cross Site Scripting S
HTTP Gym Management System 1.0 'username' SQL Injection S
HTTP Hashicorp Vault AWS IAM Integration Authentication Bypass (CVE-2020-16250) S
HTTP Hashicorp Vault AWS IAM Integration Authentication Bypass (CVE-2020-16251) S
HTTP HiSilicon Video Encoder 1.97 File Disclosure Path Traversal S
HTTP HiSilicon Video Encoder Backdoor Password S
HTTP HiSilicon Video Encoder Buffer Overflow Denial Of Service S
HTTP HiSilicon Video Encoder Command Injection S
HTTP Hostel Management System 2.1 index.php - 'Address' Cross-Site Scripting S
HTTP Hostel Management System 2.1 index.php - 'City' Cross-Site Scripting S
HTTP Hostel Management System 2.1 index.php - 'Guardian Contact no' Cross-Site Scripting S
HTTP Hostel Management System 2.1 index.php - 'Guardian Name' Cross-Site Scripting S
HTTP Hostel Management System 2.1 index.php - 'Guardian Relation' Cross-Site Scripting S
HTTP Icewarp WebMail 11.4.5.0 Cross Site Scripting S
HTTP InoERP 0.7.2 Remote Code Execution S
HTTP Jenkins 2.63 Sandbox Bypass S
HTTP Karel IP Phone IP1211 cgiServer.exx - 'page' Directory Traversal S
HTTP Krpano Panorama Viewer 1.20.8 Cross Site Scripting S
HTTP Liman 0.7 Password - 'Password Change' Cross-Site Request Forgery (From Server) S
HTTP Liman 0.7 Password - 'Password Change' Cross-Site Request Forgery (To Server) S
HTTP Liman 0.7 Profile - 'Account Take Over' Cross-Site Request Forgery (From Server) S
HTTP Liman 0.7 Profile - 'Account Take Over' Cross-Site Request Forgery (To Server) S
HTTP Lot Reservation Management System 1.0 'description' Cross Site Scripting S
HTTP Lot Reservation Management System 1.0 'name' Cross Site Scripting S
HTTP Lot Reservation Management System 1.0 SQL Injection S
HTTP MailDepot 2032 SP2 (2.2.1242) Authorization Bypass S
HTTP Mailman 2.1.23 Cross Site Scripting S
HTTP Mantis Bug Tracker 2.3.0 - Password Reset S
HTTP MedDream PACS Server 6.8.3.751 Remote Code Execution S
HTTP Microhard Systems 3G4G Cellular Ethernet and Serial Gateway CSRF (From Server) S
HTTP Microhard Systems 3G4G Cellular Ethernet and Serial Gateway CSRF (To Server) S
HTTP Microhard Systems 3G4G Cellular Ethernet and Serial Gateway CSRF_1 (From Server) S
HTTP Microhard Systems 3G4G Cellular Ethernet and Serial Gateway CSRF_1 (To Server) S
HTTP Microsoft SharePoint SSI ViewState Remote Code Execution S
HTTP Microsoft SharePoint SSI ViewState Server-Side Include S
HTTP Nagios XI 5.7.3 index.php - 'id' SQL injection (From Server) S
HTTP Nagios XI 5.7.3 index.php - 'id' SQL injection (To Server) S
HTTP Nagios XI 5.7.3 index.php - 'tfName' Cross-Site Scripting S
HTTP Nagios XI 5.7.3 Remote Command Injection S
HTTP Online Discussion Forum Site 1.0 Cross Site Scripting S
HTTP Online Examination System 1.0 Cross Site Scripting S
HTTP Online Scheduling System 1.0 Authentication Bypass S
HTTP Online Student's Management System SQL Injection S
HTTP Open-AudIT Professional 3.3.1 Authentication Bypass S
HTTP Open-AudIT Professional 3.3.1 Remote Code Execution S
HTTP openMAINT 1.1-2.4.2 Arbitrary File Upload S
HTTP Oracle WebLogic Server Remote Code Execution S
HTTP Pandora FMS 7.0NG Persistent Cross-Site Scripting S
HTTP Pandora FMS 7.0NG Remote Code Execution S
HTTP Photo Share Website 1.0 ajax.php - 'comment' Cross-Site Scripting S
HTTP Platinum Mobile 1.0.4.850 'MyAccount' - Authorization Bypass S
HTTP Platinum Mobile 1.0.4.850 'payslip' - Authorization Bypass S
HTTP PlaySMS index.php Unauthenticated Template Injection Code Execution S
HTTP ReQuest Serious Play F3 Media Server 7.0.3 'poweroff' Denial Of Service S
HTTP ReQuest Serious Play F3 Media Server 7.0.3 'reboot' Denial Of Service S
HTTP ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure S
HTTP Restaurant Reservation System 1.0 reservation.inc.php - 'date' SQL inj (From Server) S
HTTP Restaurant Reservation System 1.0 reservation.inc.php - 'date' SQL inj (To Server) S
HTTP Rite CMS 2.2.1 Remote Code Execution S
HTTP Sabberworm PHP CSS Code Injection S
HTTP Sage DPW 2020_06_000 2020_06_001 cgiip.exe - 'suchtext' Cross-Site Scripting S
HTTP Sage DPW 2020_06_000 2020_06_001 cgiip.exe - 'suchtxt' Cross-Site Scripting S
HTTP School Faculty Scheduling System 1.0 ajax.php - 'password' SQL injection (From Server) S
HTTP School Faculty Scheduling System 1.0 ajax.php - 'password' SQL injection (To Server) S
HTTP School Faculty Scheduling System 1.0 ajax.php - 'username' SQL injection (From Server) S
HTTP School Faculty Scheduling System 1.0 ajax.php - 'username' SQL injection (To Server) S
HTTP School Faculty Scheduling System 1.0 index.php - 'course' XSS (From Server) S
HTTP School Faculty Scheduling System 1.0 index.php - 'course' XSS (To Server) S
HTTP School Faculty Scheduling System 1.0 index.php - 'description' XSS (From Server) S
HTTP School Faculty Scheduling System 1.0 index.php - 'description' XSS (To Server) S
HTTP SEO Panel 4.6.0 Remote Code Execution S
HTTP Simple Grocery Store Sales And Inventory System 1.0 login.php - 'password' SQL injection S
HTTP Simple Grocery Store Sales And Inventory System 1.0 login.php - 'user' SQL injection S
HTTP SimplePHPGal 0.7 Remote File Inclusion S
HTTP Smart SMS & Email Manager 3.3 phonebook - 'contact_type_id' SQL injection S
HTTP SpamTitan 7.07 Remote Code Execution S
HTTP SpinetiX Fusion Digital Signage 3.4.8 index.php - 'Add Admin' CSRF (From Server) S
HTTP SpinetiX Fusion Digital Signage 3.4.8 index.php - 'Add Admin' CSRF (To Server) S
HTTP SpinetiX Fusion Digital Signage 3.4.8 index.php - 'SystemBackup[name]' Dir Traversal S
HTTP Student Result Management System 1.0 add_results.php - 'class_name' SQL injection S
HTTP Student Result Management System 1.0 add_results.php - 'rno' SQL injection S
HTTP Student Result Management System 1.0 login.php - 'userid' SQL injection S
HTTP Student Result Management System 1.0 manage_results.php - 'class' SQL injection S
HTTP Student Result Management System 1.0 manage_results.php - 'class_name' SQL injection S
HTTP Student Result Management System 1.0 manage_results.php - 'rn' SQL injection S
HTTP Student Result Management System 1.0 manage_results.php - 'rno' SQL injection S
HTTP Student Result Management System 1.0 student.php - 'class' SQL injection S
HTTP Tailor MS 1.0 - Reflected Cross-Site Scripting S
HTTP Textpattern CMS 4.6.2 index.php - 'body' Cross-Site Scripting (From Server) S
HTTP Textpattern CMS 4.6.2 index.php - 'body' Cross-Site Scripting (To Server) S
HTTP Textpattern CMS 4.6.2 index.php - 'textile_body' Cross-Site Scripting (From Server) S
HTTP Textpattern CMS 4.6.2 index.php - 'textile_body' Cross-Site Scripting (To Server) S
HTTP Textpattern CMS 4.6.2 index.php - 'title' Cross-Site Scripting (From Server) S
HTTP Textpattern CMS 4.6.2 index.php - 'title' Cross-Site Scripting (To Server) S
HTTP Tiki Wiki CMS Groupware 21.1 Authentication Bypass S
HTTP TimeClock Software 1.01 SQL Injection S
HTTP Tourism Management System 1.0 create-package.php File Upload (From Server) S
HTTP Tourism Management System 1.0 create-package.php File Upload (To Server) S
HTTP Twitter Analytics Open Redirect S
HTTP Typesetter CMS 5.1 Configuration - 'title' Cross-Site Scripting S
HTTP Typesetter CMS 5.1 Remote Code Execution S
HTTP Vesta Control Panel Authenticated Remote Code Execution S
HTTP Visitor Management System In PHP 1.0 Cross Site Scripting S
HTTP WebsiteBaker 2.12.2 Remote Code Execution S
HTTP WebsiteBaker 2.12.2 save.php - 'display_name' SQL Injection S
HTTP WordPress HS Brand Logo Slider 2.1 Shell Upload S
HTTP WordPress Plugin Job Manager 4.1.0 'job_description' Cross-Site Scripting (From Server) S
HTTP WordPress Plugin Job Manager 4.1.0 'job_description' Cross-Site Scripting (To Server) S
HTTP WordPress Plugin Job Manager 4.1.0 'job_title' Cross-Site Scripting (From Server) S
HTTP WordPress Plugin Job Manager 4.1.0 'job_title' Cross-Site Scripting (To Server) S
HTTP xtCommerce 5.4.1 6.2.1 6.2.2 Improper Access Control S
HTTP Zoo Management System 1.0 index.php - 'password' SQL injection S
HTTP Zoo Management System 1.0 index.php - 'user' SQL injection S
UDP BACnet Test Server 1.01 Remote Denial Of Service S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.
