Vulnerabilities Seen

CVE-2012-2982

Game Zone

CVE-2014-0160 - HeartBleed

HeartBleed

CVE-2014-6287

Steel Mountain

CVE-2016–3714 - ImageMagick

magician

CVE-2017-0143

BlueRelevant

CVE-2018-19422 - SubrionCMS-RCE

Tech_Supp0rt: 1

CVE-2019-1388 - hhupd

RetroBlaster

CVE-2019-6714

HackPark

CVE-2020-1938 - Apache Tomcat 9.0.30 - Remote Code Execution

tomghost

CVE-2020-35846 - Cockpit CMS 0.11.1 NoSQL Injection to Remote Code Execution

CMSpit

CVE-2021-1675 - PrintNightmare

PrintNightmare

CVE-2021-29447 - Wordpress version 5.6.2

Wordpress: CVE-2021-29447

CVE 2023-7028 - Gitlab Password Reset

GitLab CVE-2023-7028

CVE-2024-25600 - WordPress Bricks Builder

Remote Code Execution

Initial Shell

CVE-2023-7028 - Gitlab

GitLab CVE-2023-7028

Druva inSync

Privileges Escalation

Case Study: Druva inSync 6.6.3

Jenkins

Get reverse shell from web

AlfredInternal

Joomla

Gather User Info

Daily Bugle

Reverse shell

HA Joker CTF

Wordpress

Reverse shell from web after login

Examples

InternalInitial Shell

Bolt

Reverse shell from web after login

Examples

Bolt

WebMin

Remote code execution

Examples

source

TeamCity

Remote code execution

Examples

TCP/22 - SSH

FreeSWITCH

Remote code execution

Examples

Flatline

PHP/8.1.0-dev

Remote code execution

Examples

Exploit

Joomla sar2html

Remote code execution

Examples

Initial Shell

Restaurant Management System 1.0

Remote Code Execution

Restaurant Management System Exploit

OpenCats 0.9.4

Remote Code Execution

Empline

Tika 1.17

Reverse shell

CyberLens

Odoo CRM 10.0

Remote Code Execution

Obscure