| AfterLogic |
C110001: AfterLogic, PHP Object Injection to Remote Code Execution (pre-auth) |
| Bolt CMS |
C1110: Bolt CMS <= 3.7.1, Profiler = RCE (pre-auth)
B2: Bolt CMS <= 3.7.1, Profiler + Extensions = RCE (pre-auth) |
| CodeIgniter4 |
C110000: CodeIgniter4, file deletion Gadget Chain |
| D-Link |
C101101: D-Link DIR-865L, Memory corruptions lead to Remote Code Execution (pre-auth)
C101100: D-Link DIR-865L, Unsigned firmware upload lead to persistent backdoor (pre-auth)
C101011: D-Link DIR-865L, Remote Code Execution (pre-auth) |
| Dolibarr |
C10011: Dolibarr 12.0.3, SQLi to RCE (post-auth)
C10010: Dolibarr 12.0.3, Multiple SQL injection (post-auth)
C10001: Dolibarr 12.0.3, Multiple XSS to RCE |
| Dompdf |
C11110: Dompdf multiple file deletion Gadget Chains |
| Jolokia |
C11011: Jolokia <= 1.7.1, Remote Code Execution (pre-auth) |
| Linux |
L1: Let’s learn Linux Kernel exploitation - part 2
L0: Let’s learn Linux Kernel exploitation - part 1
B16: Python loves capabilities |
| mPDF |
C100111: mPDF <= 8.1, SSRF |
| Netgear |
C100110: Netgear R6200v2, Remote Code Execution (pre-auth)
C100000: Netgear DGND4000, Remote Code Execution (pre-auth) - part 2
C11111: Netgear DGND4000, Remote Code Execution (pre-auth) - part 1
C11100: ReadyNAS OS 6 <= 6.10.6, Remote Code Execution (post-auth)
B10: Looking into routeur Netgear DG834Gv2 - part 4
B9: Looking into routeur Netgear DG834Gv2 - part 3
B8: Looking into routeur Netgear DG834Gv2 - part 2
B7: Looking into routeur Netgear DG834Gv2 - part 1 |
| PHP |
C101010: PHP SplDoublyLinkedList::pop() Use After Free
B12: Introduction to exploitation of the PHP interpreter by writing a 1day for CVE-2016-3132 |
| PHPBoost CMS |
C10111: PHPBoost CMS 5.2, PHP Object Injection (pre-auth)
C10101: PHPBoost CMS 5.2, SSRF (pre-auth) |
| PHPFusion |
B1: PHPFusion RCE (post-auth)
C111: PHPFusion v9.03.60, PHP Object Injection to SQL injection (pre-auth)
C110: PHPFusion v9.03.60, PHP Object Injection (pre-auth)
B0: Trolling PHP-Fusion editors
C101: PHPFusion v9.03.50, Stored XSS (post-auth)
C100: PHPFusion v9.03.50, Reflected XSS (pre-auth) |
| PHPWord |
C101111: PHPWord, file deletion Gadget Chain |
| PROJECTWORLDS |
B3: Back to basics |
| Qnap |
B13: Qnap QTS light backdooring
C100100: Qnap QTS, Race Condition to Remote Code Execution (post-auth)
C100001: Qnap QTS <= 5.0.0.2055 build 20220531, Remote Code Execution (post-auth) |
| Rukovoditel |
C1010: Rukovoditel v2.6.1, File Upload + LFI to RCE (post-auth)
C1001: Rukovoditel v2.7, SQL injection (post-auth)
C1000: Rukovoditel v2.7, Stored XSS (post-auth) |
| Sendy |
C10100: Sendy 5.1.1, SSRF (pre-auth) |
| Snappy |
C101110: Snappy, file deletion Gadget Chain |
| SPIP |
C11010: SPIP <= 4.2.0, Remote Code Execution (pre-auth)
C11001: SPIP <= 3.2.7, Remote Code Execution (post-auth)
C11000: SPIP <= 3.2.7, Remote Code Execution (post-auth) |
| Squiz Matrix |
C1111: Squiz Matrix, multiple XSS (post-auth) |
| Symfony |
B17: Symfony <= v6.4, let’s unlock some more mystery on the fragment exploit |
| Typo3 |
C11101: Typo3’s core, file deletion Gadget Chain
B6: Typo3’s template language TypoScript, Full Path Disclosure - part 3
B5: Typo3’s template language TypoScript, SQL injection - part 2
B4: Typo3’s template language TypoScript, RCE - part 1
C1101: Looking into Typo3 v10.4.3 source code - part 3
C1100: Looking into Typo3 v10.4.3 source code - part 2
C1011: Looking into Typo3 v10.4.3 source code - part 1 |
| vBulletin |
B14: vBulletin, PHP Object Injection (pre-auth) |
| Wansview |
B11: Looking into the camera Wansview Q6 |
| Wordpress |
B15: Wordpress plugins, automated vulnerability scanning
C0: Wordpress plugin Simple File List <= v4.2.2, RCE (pre-auth) |
| YesWiki |
C11: YesWiki version cercopitheque 2020-04-18-1, LFI to RCE (pre-auth)
C10: YesWiki version cercopitheque 2020-04-18-1, SQL injection (pre-auth)
C1: YesWiki version cercopitheque 2020-04-18-1, Reflected XSS (pre-auth) |
| Zabbix |
C10000: Zabbix >= v5.2.0, PHP Object Injection (pre-auth) |