Targets of interest:
- Operating systems: Windows (RCE and PE)
- Mobile: iOS (PE from within the Sandbox) / Android / Baseband
- Web Browsers: Chrome (RCE or SBX) / Safari / Firefox (RCE)
- Operating systems: Linux (RCE and PE)
- Readers: Microsoft Office
- Web Hosting Control Panel: cPanel / Plesk / DirectAdmin / Webmin / VestaCP / Aegir
- Mailserver: Exchange Server / Dovecot / Zimbra / Roundcube / MDaemon / Horde / Exim / Postfix / IceWarp
- Content Management Systems: WordPress / Joomla / Drupal / Confluence
- Embedded / IoT: NAS ( i.e. QNAP) / Routers ( i.e. Tenda / Asus – RT / D-Link / Netgear ) – DVR ( i.e. Samsung / Juan ) – IP Camera ( i.e. TVT )
- Network Management Systems: Zabbix / Nagios / PRTG / Cacti / ManageEngine OpManager
- Mobile Applications: Facebook / Whatsapp / Facebook Messenger / iMessage / FaceTime / Instagram / Youtube / GoogleMaps / Truecaller / Skype / Telegram
- Git server: GitHub / GitLab enterprise / Bitbucket
- Others: Atlassian JIRA / PHP / .NET / Firewalls / Protocols / Apache / Engine X / IIS / EMS (AhnLab Policy Center)
Got a vulnerability out of this scope? Send us an email, we can still help: contact@ssd-disclosure.com