Traffic File Update - December 2020

This Traffic IQ Professional update for December 2020 contains the latest application exploits, threats and security evasion techniques, along with technical data and high-quality security rules.

130 Application Exploits

HTTP Advanced Component System (ACS) 1.0 Path Traversal S
HTTP Alumni Management System 1.0 Shell Upload S
HTTP Apache OpenMeetings 5.0.0 Denial Of Service S
HTTP Apple Super Backup 2.0.5 download - 'Path' Directory Traversal S
HTTP ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure S
HTTP Barcodes Generator 1.0 Cross Site Scripting S
HTTP Car Rental Management System 1.0 index.php - 'Page' Local File Inclusion S
HTTP CCt99 Chichen Tech CMS 1.0 product_list.php - 'Cid' SQL injection S
HTTP CCt99 Chichen Tech CMS 1.0 product_list.php - 'ID' SQL injection S
HTTP CMS Made Simple 2.2.15 moduleinterface.php Cross-Site Scripting (From Server) S
HTTP CMS Made Simple 2.2.15 moduleinterface.php Cross-Site Scripting (To Server) S
HTTP Coaster CMS 5.8.18 login - 'Edit Page' Tab Cross-Site Scripting S
HTTP Courier Management System 1.0 'ref_no' SQL Injection S
HTTP Courier Management System 1.0 'street' SQL Injection S
HTTP Dup Scout Enterprise 10.0.18 'customer_name' Buffer Overflow S
HTTP Dup Scout Enterprise 10.0.18 'sid' Buffer Overflow S
HTTP Dup Scout Enterprise 10.0.18 'unlock_key' Buffer Overflow S
HTTP eClass LMS 2.6 Shell Upload S
HTTP EGavilanMedia Address Book 1.0 login.php - 'Password' SQL injection (From Server) S
HTTP EGavilanMedia Address Book 1.0 login.php - 'Password' SQL injection (To Server) S
HTTP EGavilanMedia Address Book 1.0 login.php - 'User ID' SQL injection (From Server) S
HTTP EGavilanMedia Address Book 1.0 login.php - 'User ID' SQL injection (To Server) S
HTTP Employee Performance Evaluation System 1.0 Insecure Direct Object Reference S
HTTP Expense M'ment Sys expense_action.php - 'Description' Cross-Site Scripting (From Server) S
HTTP Expense M'ment Sys expense_action.php - 'Description' Cross-Site Scripting (To Server) S
HTTP Foxit Reader 9.0.1.1049 Arbitrary Code Execution S
HTTP Fujitsu Eternus Storage DX200 S4 Broken Authentication S
HTTP Grav CMS 1.6.30 Cross Site Scripting S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'Allow' Cross-Site Scripting (From Server) S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'Allow' Cross-Site Scripting (To Server) S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'Display' XSS (From Server) S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'Display' XSS (To Server) S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'ID' Cross-Site Scripting (From Server) S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'ID' Cross-Site Scripting (To Server) S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'ID' SQL injection (From Server) S
HTTP Heroic Knowledge Base 3.0.1 admin-ajax.php - 'ID' SQL injection (To Server) S
HTTP Intelbras Router RF 301K 1.1.2 Authentication Bypass S
HTTP Invision Community 4.5.4 admin - 'Profile' Cross-Site Scripting S
HTTP Laravel Administrator 4 File Upload S
HTTP Laravel Nova 3.7.0 Denial Of Service S
HTTP LEPTON CMS 4.7.0 save.php - 'URL' Cross-Site Scripting (From Server) S
HTTP LEPTON CMS 4.7.0 save.php - 'URL' Cross-Site Scripting (To Server) S
HTTP Library Management System 2.0 admin - 'Password' SQL Injection (From Server) S
HTTP Library Management System 2.0 admin - 'Password' SQL Injection (To Server) S
HTTP Library Management System 2.0 admin - 'Username' SQL Injection (From Server) S
HTTP Library Management System 2.0 admin - 'Username' SQL Injection (To Server) S
HTTP Linksys RE6500 1.0.11.001 Remote Code Execution S
HTTP Local Service Search Engine M'ment Sys 1.0 ajax.php - 'Password' SQL inj (From Server) S
HTTP Local Service Search Engine M'ment Sys 1.0 ajax.php - 'Password' SQL inj (To Server) S
HTTP Local Service Search Engine M'ment Sys 1.0 ajax.php - 'Username' SQL inj (From Server) S
HTTP Local Service Search Engine M'ment Sys 1.0 ajax.php - 'Username' SQL inj (To Server) S
HTTP Medical Center Portal Management System - Authentication Bypass S
HTTP Medical Center Portal Management System - SQL Injection S
HTTP Microsoft SharePoint SSI ViewState 'zoombldr.aspx' Remote Code Execution S
HTTP MiniCMS 1.10 page-edit.php - 'Content' Cross-Site Scripting (From Server) S
HTTP MiniCMS 1.10 page-edit.php - 'Content' Cross-Site Scripting (To Server) S
HTTP MiniWeb HTTP Server 0.8.19 Buffer Overflow S
HTTP Moodle 3.8 Arbitrary File Upload S
HTTP NetSurveillance Unauthorized Password Change S
HTTP Online Bus Booking System Project 1.0 Cross Site Scripting S
HTTP Online Bus Ticket Reservation 1.0 index.php - 'Password' SQL injection (From Server) S
HTTP Online Bus Ticket Reservation 1.0 index.php - 'Password' SQL injection (To Server) S
HTTP Online Bus Ticket Reservation 1.0 index.php - 'Username' SQL injection (From Server) S
HTTP Online Bus Ticket Reservation 1.0 index.php - 'Username' SQL injection (To Server) S
HTTP Online Job Portal In PHP PDO 1.0 index.php - 'Category' SQL injection (From Server) S
HTTP Online Job Portal In PHP PDO 1.0 index.php - 'Category' SQL injection (To Server) S
HTTP Online News Portal System 1.0 index.php - 'Title' Cross-Site Scripting S
HTTP Online Voting System Project in PHP reg_action.php - 'Username' XSS (From Server) S
HTTP Online Voting System Project in PHP reg_action.php - 'Username' XSS (To Server) S
HTTP OpenAsset Digital Asset Management CSRF (From Server) S
HTTP OpenAsset Digital Asset Management CSRF (To Server) S
HTTP OpenAsset Digital Asset Management SQL Injection S
HTTP OpenCart 3.0.3.6 - Cross Site Request Forgery (From Server) S
HTTP OpenCart 3.0.3.6 - Cross Site Request Forgery (To Server) S
HTTP Openfire 4.6.0 - 'groupchatJID' Stored XSS S
HTTP Openfire 4.6.0 - 'sql' Stored XSS S
HTTP Openfire 4.6.0 - 'users' Stored XSS S
HTTP Openfire 4.6.0 db-access.jsp - 'SQL' Cross-Site Scripting S
HTTP Openfire 4.6.0 nodejs.jsp - 'Path' Cross-Site Scripting S
HTTP Perfex CRM 2.4.4 Client - 'Company' Cross-Site Scripting (From Server) S
HTTP Perfex CRM 2.4.4 Client - 'Company' Cross-Site Scripting (To Server) S
HTTP Pharmacy Store Management System 1.0 edituser - 'ID' SQL injection S
HTTP PHPScript SGH 0.1.0 admins.php - 'ID' SQL injection S
HTTP PrestaShop ProductComments 4.2.0 SQL Injection S
HTTP Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution S
HTTP Rukovoditel 2.6.1 - CSRF - Change password (From Server) S
HTTP Rukovoditel 2.6.1 - CSRF - Change password (To Server) S
HTTP Rukovoditel 2.6.1 Local File Inclusion S
HTTP Rukovoditel 2.6.1 Shell Upload S
HTTP Seacms 11.1 'ip' Remote Command Execution S
HTTP Seacms 11.1 'weburl' Remote Command Execution S
HTTP Seacms 11.1 Cross Site Scripting S
HTTP Seacms 11.1 Local File Inclusion S
HTTP Seowon 130-SLC 1.0.11 Remote Code Execution S
HTTP Simple College Website 1.0 Local File Inclusion S
HTTP Student Result Management System 1.0 index.php - 'Email' SQL inj (From Server) S
HTTP Student Result Management System 1.0 index.php - 'Email' SQL inj (To Server) S
HTTP Student Result Management System 1.0 index.php - 'Password' SQL inj (To Server) S
HTTP Student Result Management System 1.0 index.php - 'Password' SQL inj (From Server) S
HTTP Task Management System 1.0 Local File Inclusion S
HTTP Textpattern CMS 4.6.2 index.php - 'Site' CSRF (From Server) S
HTTP Textpattern CMS 4.6.2 index.php - 'Site' CSRF (To Server) S
HTTP TP-Link TL-WA855RE V5_200415 Device Reset Authentication Bypass S
HTTP Trend Micro IMSVA - 'database' Information Disclosure (CVE-2020-27019) S
HTTP Trend Micro IMSVA - 'key' Information Disclosure (CVE-2020-27019) S
HTTP TypeSetter 5.1 Preferences - 'Email' Cross-Site Request Forgery (From Server) S
HTTP TypeSetter 5.1 Preferences - 'Email' Cross-Site Request Forgery (To Server) S
HTTP vBulletin 5.6.3 Cross Site Scripting S
HTTP VestaCP 0.9.8-26 'admin' Session Validation S
HTTP VestaCP 0.9.8-26 'admin' Token Session S
HTTP VestaCP 0.9.8-26 'user' Session Validation S
HTTP VestaCP 0.9.8-26 'user' Token Session S
HTTP VestaCP 0.9.8-26 image.php - 'Period' Cross-Site Scripting S
HTTP VestaCP 0.9.8-26 image.php - 'Period' Cross-Site Scripting_1 S
HTTP Victor CMS 1.0 SQL Injection S
HTTP WebDamn User Registration And Login System With User Panel login.php - 'Email' SQL inj S
HTTP WonderCMS 3.1.3 Remote Code Execution S
HTTP WordPress Age Gate 2.13.4 Open Redirect S
HTTP WordPress DirectoriesPro 1.3.45 Cross Site Scripting S
HTTP WordPress EventON Calendar 3.0.5 Cross Site Scripting S
HTTP WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload S
HTTP WordPress Simple File List Unauthenticated Remote Code Execution S
HTTP WordPress Total Upkeep 1.14.9 - 'archive' Disclosure S
HTTP WordPress Total Upkeep 1.14.9 - 'env-info.php' Disclosure S
HTTP WordPress Total Upkeep 1.14.9 - 'plugin' Disclosure S
HTTP WordPress WP-FileManager 6.8 Remote Code Execution S
Malware GET Request Associated with Cryptojacking (b2f628fff19fda999999999) S
Malware GET Request Associated with Cryptojacking (global.bitmex.com.de) S
Malware GET Request Associated with Cryptojacking (SE5DB0E07C3D7BE80V201007) S
Malware GET Request Associated with Cryptojacking (SE5DB0E07C3D7BE80V520) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.