>> TAG: #remote exploit

Easyndexer 1.0 – Arbitrary File Download

Linux/x86 – Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)

Surreal ToDo 0.6.1.2 – SQL Injection

Gumbo CMS 0.99 – SQL Injection

TufinOS 2.17 Build 1193 – XML External Entity Injection

Data Center Audit 2.6.2 – ‘username’ SQL Injection

HeidiSQL 9.5.0.5196 – Denial of Service (PoC)

Facturation System 1.0 – ‘modid’ SQL Injection

Easyndexer 1.0 – Cross-Site Request Forgery (Add Admin)

CuteFTP 9.3.0.3 – Denial of Service (PoC)