OptiLink ONT1GEW GPON version 2.1.11_X101 build 1127.190306 authenticated remote code execution exploit.
IcoFX version 2.6 .ico buffer overflow exploit with SEH and DEP bypass using JOP.
Rocket.Chat version 3.12.1 unauthenticated NoSQL injection to remote code execution exploit.
WordPress Plugin wpDiscuz 7.0.4 – Arbitrary File Upload (Unauthenticated)
Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)
Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)
IcoFX 2.6 – ‘.ico’ Buffer Overflow SEH + DEP Bypass using JOP
WordPress Plugin Smart Slider-3 3.5.0.8 – ‘name’ Stored Cross-Site Scripting (XSS)
OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated)
Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC)