IcoFX version 2.6 .ico buffer overflow exploit with SEH and DEP bypass using JOP.
Rocket.Chat version 3.12.1 unauthenticated NoSQL injection to remote code execution exploit.
WordPress Plugin wpDiscuz 7.0.4 – Arbitrary File Upload (Unauthenticated)
Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)
Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)
IcoFX 2.6 – ‘.ico’ Buffer Overflow SEH + DEP Bypass using JOP
WordPress Plugin Smart Slider-3 3.5.0.8 – ‘name’ Stored Cross-Site Scripting (XSS)
OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated)
Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC)
FileCOPA FTP Server version 1.01 denial of service exploit.