Exploit Remote Exploint 2018- Úvod  Remote  Web App  Local&Privilege Escalation  DoS & PoC  ShellCode  Exploit  Exploit prog.  Ex. Techniky  Exp. kit  Typy Exploitù  Exploit Articles 

Remote Exploint  H  2020  2019  2018

21.12.2018Netatalk 3.1.12 - Authentication BypassremoteMultiple
20.12.2018Erlang - Port Mapper Daemon Cookie RCE (Metasploit)remoteMultiple
18.12.2018MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer OverflowremoteWindows
14.12.2018Cisco RV110W - Password Disclosure / Command ExecutionremoteHardware
14.12.2018Safari - Proxy Object Type Confusion (Metasploit)remotemacOS
10.12.2018Kubernetes - (Unauthenticated) Arbitrary RequestsremoteMultiple
10.12.2018Kubernetes - (Authenticated) Arbitrary RequestsremoteMultiple
04.12.2018OpenSSH < 7.7 - User Enumeration (2)remoteLinux
04.12.2018HP Intelligent Management - Java Deserialization RCE (Metasploit)remoteWindows
03.12.2018CyberArk 9.7 - Memory DisclosureremoteWindows
30.11.2018Apache Spark - (Unauthenticated) Command Execution (Metasploit)remoteJava
29.11.2018PHP imap_open - Remote Code Execution (Metasploit)remoteLinux
29.11.2018TeamCity Agent - XML-RPC Command Execution (Metasploit)remoteMultiple
27.11.2018Netgear Devices - (Unauthenticated) Remote Command Execution (Metasploit)remoteHardware
26.11.2018ELBA5 5.8.0 - Remote Code ExecutionremoteWindows
14.11.2018Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)remoteJava
06.11.2018Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)remoteUnix
06.11.2018blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)remotePHP
06.11.2018Morris Worm - fingerd Stack Buffer Overflow (Metasploit)remoteBSD
30.10.2018Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication BypassremoteMultiple
29.10.2018Paramiko 2.4.1 - Authentication BypassremoteLinux
25.10.2018WebExec - (Authenticated) User Code Execution (Metasploit)remoteWindows
25.10.2018Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)remoteMultiple
24.10.2018exim 4.90 - Remote Code ExecutionremoteLinux
23.10.2018ServersCheck Monitoring Software 14.3.3 - Arbitrary File WriteremoteWindows
20.10.2018LibSSH 0.7.6 / 0.8.4 - Unauthorized AccessremoteLinux
18.10.2018libSSH - Authentication BypassremoteLinux
17.10.2018FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded CredentialsremoteHardware
15.10.2018NoMachine < 5.3.27 - Remote Code ExecutionremoteWindows
10.10.2018MicroTik RouterOS < 6.43rc3 - Remote RootremoteHardware
09.10.2018Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)remoteWindows
08.10.2018Unitrends UEB - HTTP API Remote Code Execution (Metasploit)remoteLinux
08.10.2018Navigate CMS - (Unauthenticated) Remote Code Execution (Metasploit)remotePHP
04.10.2018Cisco Prime Infrastructure - (Unauthenticated) Remote Code ExecutionremoteMultiple
27.09.2018Microsoft Edge - Sandbox EscaperemoteWindows
18.09.2018NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)remoteHardware
18.09.2018Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code ExecutionremoteWindows
17.09.2018CA Release Automation NiMi 6.5 - Remote Command ExecutionremoteJava
10.09.2018Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)remoteMultiple
07.09.2018Tenable WAS-Scanner 7.4.1708 - Remote Command ExecutionremoteLinux
05.09.2018FUJI XEROX DocuCentre-V 3065 Printer - Remote Command ExecutionremoteHardware
29.08.2018Eaton Xpert Meter 13.4.0.10 - SSH Private Key DisclosureremoteHardware
27.08.2018Electron WebPreferences - Remote Code ExecutionremoteMultiple
27.08.2018HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)remoteUnix
26.08.2018Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)remoteLinux
25.08.2018Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)remoteMultiple
21.08.2018OpenSSH 2.3 < 7.7 - Username EnumerationremoteLinux
20.08.2018SEIG Modbus 3.4 - Remote Code ExecutionremoteWindows_x86
20.08.2018Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code ExecutionremotePHP
19.08.2018SEIG SCADA System 9 - Remote Code ExecutionremoteWindows_x86
16.08.2018OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)remoteLinux
14.08.2018Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)remoteWindows_x86-64
13.08.2018Microsoft DirectX SDK - 'Xact.exe' Remote Code ExecutionremoteWindows
13.08.2018Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)remoteWindows
09.08.2018Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)remoteWindows
01.08.2018SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)remoteLinux
27.07.2018WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)remotePHP
27.07.2018Axis Network Camera - .srv to parhand RCE (Metasploit)remoteLinux
23.07.2018Microsoft Windows - 'dnslint.exe' Drive-By DownloadremoteWindows
18.07.2018HomeMatic Zentrale CCU2 - Remote Code ExecutionremoteHardware
17.07.2018Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default CredentialsremoteHardware
17.07.2018QNAP Q'Center - 'change_passwd' Command Execution (Metasploit)remoteLinux
17.07.2018Nanopool Claymore Dual Miner - APIs Remote Code Execution (Metasploit)remoteMultiple
13.07.2018Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)remoteJava
13.07.2018Apache CouchDB - Arbitrary Command Execution (Metasploit)remoteLinux
13.07.2018phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)remotePHP
13.07.2018Hadoop YARN ResourceManager - Command Execution (Metasploit)remoteLinux
11.07.2018IBM QRadar SIEM - Remote Code Execution (Metasploit)remoteUnix
09.07.2018Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer OverflowremoteWindows
09.07.2018HP VAN SDN Controller - Root Command Injection (Metasploit)remoteLinux
09.07.2018HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)remoteLinux
09.07.2018GitList 0.6.0 - Argument Injection (Metasploit)remotePHP
06.07.2018PolarisOffice 2017 8 - Remote Code ExecutionremoteWindows
02.07.2018FTPShell Client 6.70 (Enterprise Edition) - Stack Buffer Overflow (Metasploit)remoteWindows
02.07.2018Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)remoteLinux
27.06.2018Quest KACE Systems Management - Command Injection (Metasploit)remoteUnix
25.06.2018Foxit Reader 9.0.1.1049 - Remote Code ExecutionremoteWindows
21.06.2018Dell EMC RecoverPoint < 5.1.2 - Remote Root Command ExecutionremoteLinux
13.06.2018DHCP Client - Command Injection 'DynoRoot' (Metasploit)remoteLinux
05.06.2018WebKit - not_number defineProperties UAF (Metasploit)remoteiOS
04.06.2018CyberArk < 10 - Memory DisclosureremoteLinux
28.05.2018CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)remoteWindows_x86-64
27.05.2018Bitmain Antminer D3/L3+/S9 - Remote Command ExecutionremoteHardware
25.05.2018D-Link DSL-2750B - OS Command Injection (Metasploit)remoteHardware
18.05.2018HPE iMC 7.3 - Remote Code Execution (Metasploit)remoteWindows
17.05.2018Nanopool Claymore Dual Miner 7.3 - Remote Code ExecutionremoteWindows
17.05.2018Jenkins CLI - HTTP Java Deserialization (Metasploit)remoteLinux
17.05.2018Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)remoteMultiple
16.05.2018Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command ExecutionremoteHardware
13.05.2018Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code ExecutionremoteWindows
10.05.2018Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)remotePHP
08.05.2018FTPShell Client 6.7 - Buffer OverflowremoteWindows
08.05.2018Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)remoteUnix
08.05.2018PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit)remotePHP
08.05.2018PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit)remotePHP
04.05.2018Google Chrome V8 - Object Allocation Size Integer OverflowremoteMultiple
03.05.2018GPON Routers - Authentication Bypass / Command InjectionremoteHardware
02.05.2018xdebug < 2.5.5 - OS Command Execution (Metasploit)remotePHP
02.05.2018Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)remoteRuby
02.05.2018Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)remoteRuby
02.05.2018Exim < 4.90.1 - 'base64d' Remote Code ExecutionremoteLinux
02.05.2018Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)remoteHardware
02.05.2018TBK DVR4104 / DVR4216 - Credentials LeakremoteHardware
02.05.2018Call of Duty Modern Warefare 2 - Buffer OverflowremoteWindows
24.04.2018Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)remoteWindows
24.04.2018ASUS infosvr - Authentication Bypass Command Execution (Metasploit)remoteHardware
22.04.2018Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command ExecutionremoteMultiple
18.04.2018Easy File Sharing Web Server 7.2 - Stack Buffer OverflowremoteWindows
17.04.2018D-Link DIR-615 Wireless Router - Persistent Cross Site ScriptingremoteHardware
17.04.2018Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)remotePHP
13.04.2018Microsoft Credential Security Support Provider - Remote Code ExecutionremoteWindows
06.04.2018Adobe Flash < 28.0.0.161 - Use-After-FreeremoteMultiple
06.04.2018LineageOS 14.1 Blueborne - Remote Code ExecutionremoteAndroid
30.03.2018Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer OverflowremoteWindows
29.03.2018GitStack - Unsanitized Argument Remote Code Execution (Metasploit)remoteWindows
29.03.2018Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)remoteWindows
28.03.2018TeamCity < 9.0.2 - Disabled Registration BypassremoteMultiple
27.03.2018TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)remoteLinux
26.03.2018Acrolinx Server < 5.2.5 - Directory TraversalremoteWindows
20.03.2018OpenSSH < 6.6 SFTP - Command ExecutionremoteLinux
16.03.2018Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code ExecutionremoteWindows
16.03.2018Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code ExecutionremoteWindows
16.03.2018Unitrends UEB 10.0 - Root Remote Code ExecutionremoteLinux
15.03.2018MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer OverflowremoteHardware
14.03.2018SAP NetWeaver AS JAVA CRM - Log injection Remote Command ExecutionremoteWindows
12.03.2018DEWESoft X3 SP1 (64-bit) - Remote Command ExecutionremoteWindows
12.03.2018Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)remoteMultiple
12.03.2018MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code ExecutionremoteHardware
12.03.2018MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code ExecutionremoteHardware
05.03.2018NETGEAR - 'TelnetEnable' Magic Packet (Metasploit)remoteHardware
02.03.2018TestLink Open Source Test Management < 1.9.16 - Remote Code ExecutionremotePHP
27.02.2018GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH)remoteWindows
27.02.2018Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' 'setAttributeNodeNS' WebKit 5.02 / 'bpf' Kernel Loader 4.55remoteHardware
26.02.2018Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit)remoteWindows
26.02.2018CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit)remoteWindows
26.02.2018AsusWRT LAN - Remote Code Execution (Metasploit)remoteHardware
25.02.2018Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio RecordremoteAndroid
21.02.2018EChat Server 3.1 - 'CHAT.ghp' Buffer OverflowremoteWindows
21.02.2018Disk Savvy Enterprise 10.4.18 - Buffer Overflow (SEH)remoteWindows
21.02.2018Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH)remoteWindows
20.02.2018μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information DisclosureremoteMultiple
14.02.2018Tenda AC15 Router - Remote Code ExecutionremoteHardware
13.02.2018CloudMe Sync < 1.11.0 - Buffer OverflowremoteWindows
13.02.2018Advantech WebAccess 8.3.0 - Remote Code ExecutionremoteWindows
10.02.2018LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File DisclosureremoteLinux
07.02.2018Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code ExecutionremoteWindows
05.02.2018Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)remoteWindows
05.02.2018HPE iLO 4 < 2.53 - Add New Administrator UserremoteMultiple
01.02.2018Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)remoteWindows
01.02.2018BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)remoteMultiple
01.02.2018Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized AccessremoteHardware
01.02.2018Geovision Inc. IP Camera & Video - Remote Command ExecutionremoteHardware
30.01.2018HPE iMC 7.3 - RMI Java DeserializationremoteWindows
29.01.2018Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)remoteMultiple
28.01.2018Werkzeug - 'Debug Shell' Command ExecutionremoteMultiple
28.01.2018Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code ExecutionremoteLinux
26.01.2018BMC BladeLogic 8.3.00.64 - Remote Command ExecutionremoteMultiple
25.01.2018Exodus Wallet (ElectronJS Framework) - Remote Code ExecutionremoteWindows
24.01.2018RAVPower 2.000.056 - Root Remote Code ExecutionremoteHardware
24.01.2018Kaltura - Remote PHP Code Execution over Cookie (Metasploit)remotePHP
24.01.2018GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)remoteMultiple
22.01.2018AsusWRT Router < 3.0.0.4.380.7743 - LAN Remote Code ExecutionremoteHardware
22.01.2018Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetDremoteHardware
17.01.2018Master IP CAM 01 - Multiple VulnerabilitiesremoteHardware
15.01.2018SysGauge Server 3.6.18 - Remote Buffer OverflowremoteWindows
15.01.2018Disk Pulse Enterprise 10.1.18 - Remote Buffer OverflowremoteWindows
15.01.2018Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code ExecutionremoteHardware
11.01.2018Seagate Personal Cloud - Multiple VulnerabilitiesremoteHardware
11.01.2018Transmission - RPC DNS RebindingremoteMultiple
11.01.2018LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)remoteWindows
11.01.2018phpCollab 2.5.1 - File Upload (Metasploit)remotePHP
11.01.2018ALLMediaServer 0.95 - Remote Buffer OverflowremoteWindows
10.01.2018DiskBoss Enterprise 8.8.16 - Remote Buffer OverflowremoteWindows
10.01.2018HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit)remoteWindows
10.01.2018HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)remoteWindows
09.01.2018Commvault Communications Service (cvd) - Command Injection (Metasploit)remoteWindows
05.01.2018Ayukov NFTP FTP Client 2.0 - Remote Buffer Overflow (Metasploit)remoteWindows
05.01.2018Cisco IOS - Remote Code ExecutionremoteHardware
04.01.2018Linksys WVBR0-25 - User-Agent Command Execution (Metasploit)remoteHardware
04.01.2018Xplico - Remote Code Execution (Metasploit)remoteLinux
03.01.2018D-Link DNS-320 ShareCenter < 1.06 - Backdoor AccessremoteHardware
03.01.2018WDMyCloud < 2.30.165 - Multiple VulnerabilitiesremoteHardware
03.01.2018Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command ExecutionremoteMultiple
01.01.2018HP Mercury LoadRunner Agent magentproc.exe - Remote Command Execution (Metasploit)remoteWindows
01.01.2018Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)remoteUnix
01.01.2018Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)remoteCGI