{"uuid": "2001c0e5-b34f-4506-9bc8-9f47dcd65ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-5618", "type": "published-proof-of-concept", "source": "https://t.me/HackingPublicoficial/162", "content": "Best Exploits\n\nphpMoAdmin Remote Code Execution (CVE-2015-2208)\nLotusCMS Remote Code Execution (OSVDB-75095)\nElasticSearch Remote Code Execution (CVE-2015-1427)\nShellShock (httpd) Remote Code Execution (CVE-2014-6271)\nIISlap - http.sys Denial of Service/RCE PoC (DoS only). (MS-15-034)\nse0wned - Seowintech Router diagnostic.cgi remote root\nWPsh0pwn - Wordpress WPShop eCommerce Shell Upload (WPVDB-7830)\nnmediapwn - Wordpress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload\npwnflow - Wordpress Work the flow file upload 2.5.2 Shell Upload\ndelusions - Wordpress InfusionSoft Gravity Forms Shell Upload (CVE-2014-6446)\nsuiteshell - SuiteCRM Post-Auth Remote Code Execution (CVE-2015-NOTYET)\nsuiteracer - SuiteCRM Post-Auth Remote Code Execution Race Condition (CVE-2015-xxxx)\nunsanitary - Address Sanitizer + Setuid Binary = Local Root exploit (LD_PRELOAD vector)\nDiamondFox - DiamondFox Botnet C&C Panel Shell Upload\nDoubtfullyMalignant - BenignCertain DoS PoC\nTorCT-Shell - TorCT RAT C&C Panel Shell Upload\nvBullshit - vBulletin 5.x.x unserialize() Remote Code Execution (CVE-2015-7808)\nXanity-Shell - Xanity RAT C&C Panel Shell Upload\nJoomraa - PoC + upload blacklist bypass (CVE-2016-8869, CVE-2016-8870, CVE-2016-9836)\nDeathsize - LifeSize Room remote code execution & local root exploit\nAssetExploder - ManageEngine Asset Explorer remote code execution\nDroppleGanger - Droppler <= 1.6.5 Auth-Bypass & RCE\ntr-06fail - TR-064 Misimplementations leading to remote device takeover in ZyXEL Routers\nscreen2root - Screen 4.05.00 (CVE-2017-5618) local privesc\nFreeACS-Pwn - TR-069 exploit for FreeACS server, disclosed at BSides Edinburgh.\nJoomblah - Joomla 3.7.0 SQL Injection exploit (CVE-2017-8917)\npisspoorpool - Local file inclusion exploit for p2pool status page\nwipgpwn - Remote Root Exploit for WePresent WiPG-1000,1500,2000 devices\nTBA\n\nLink:\n\nhttps://github.com/XiphosResearch/exploits https://www.facebook.com/1656611301265857/posts/1887994441460874", "creation_timestamp": "2017-07-11T02:04:41.000000Z"}