Scope

Targets of interest:

  • Operating systems: Windows / Linux (RCE and PE)
  • Mobile: iOS (PE from within the Sandbox) / Android
  • Web Browsers: Chrome (RCE or SBX) / Safari / FireFox (RCE)
  • Readers: Microsoft Office
  • Web Hosting Control Panel: cPanel / Plesk / DirectAdmin / Webmin / VestaCP / Aegir
  • Mailserver: Exchange Server / Dovecot / Zimbra / Roundcube / MDaemon / Horde / Exim / Postfix / IceWarp
  • CMS: WordPress / Joomla / Drupal / Confluence
  • Embedded: Mobile Baseband / NAS (QNAP) / Routers ( Tenda / Asus – RT / Dlink / DVR (Samsung / Juan) / IoT (TVT / Netgear)
  • Network Management Systems: Zabbix / Nagios / PRTG / Cacti / ManageEngine OpManager
  • Mobile Applications: Facebook / Whatsapp / Facebook Messenger / iMessage / FaceTime / Instagram / Youtube / GoogleMaps / Truecaller / Skype / Telegram
  • Git server: GitHub / GitLab enterprise / Bitbucket
  • Others: Atlassian JIRA / PHP / .NET / Firewalls / Protocols / Apache / Engine X / IIS / EMS (AhnLab Policy Center)

Got a vulnerability out of this scope? Send us an email, we can still help: contact@ssd-disclosure.com