Targets of interest:
- Operating systems: Windows (RCE and PE)
- Mobile: iOS (PE from within the Sandbox) / Android / Baseband
- Web Browsers: Chrome (RCE or SBX) / Safari / Firefox (RCE)
- Operating systems: Linux (RCE and PE)
- Readers: Microsoft Office
- Web Hosting Control Panel: cPanel / Plesk / DirectAdmin / Webmin / VestaCP / Aegir/ WHMCS
- Mailserver: Exchange Server / Dovecot / Zimbra / Roundcube / MDaemon / Horde / Exim / Postfix / IceWarp
- Content Management Systems: WordPress / Joomla / Drupal / Confluence / Microsoft SharePoint
- Embedded: NAS ( i.e. QNAP) / Routers ( i.e. Tenda / Asus – RT / D-Link / Huawei) – DVR ( i.e. Juan, Dahua )
- IoT: IP Camera (TVT/Foscam) / Smart Video Phones (VTech/Yaelink) / Smart Home Hubs ( i.e. XIAOMI Mi control hub)
- Network Management Systems: Zabbix / Nagios / PRTG / Cacti / FortiOS
- Mobile Applications: Whatsapp / Facebook Messenger / iMessage / FaceTime / Instagram / Youtube / GoogleMaps / Truecaller / Skype / Telegram
- Git server: GitHub / GitLab enterprise / Bitbucket
- IoT Operating systems: DD-WRT
- Others: Atlassian JIRA / PHP / .NET / Firewalls (Fortinet Next-Generation Firewall) / Microsoft Word / Protocols / Apache / Engine X / IIS / Rocket.Chat / EMS (AhnLab Policy Center) / Slack / Cisco ESA / AirCube Home Wi-Fi Access Point / Open-Xchange App Suite
Got a vulnerability out of this scope? Send us an email, we can still help: contact@ssd-disclosure.com