In an email to E-SPIN dated 29-Aug-2022, Immunity advised that D2 Elliot has been discontinued. This post is kept as an archive for those looking for the information.
Exploitation frameworks traditionally focus on network penetration testing; the D2 Elliot Web Exploitation Framework for web application pentesting is focused on closing that gap. Traditional network-based exploitation frameworks lack the robust web-based exploitation functionality found in manual web application security testing tools.
The D2 Elliot Web Exploitation Framework for web application pentesting helps enterprises replicate real-life attacks during web application penetration testing by providing a powerful framework and efficient exploits and tools, validating vulnerability scans and revealing which data would be at risk. It is a good companion for customers in the pentesting field and complements their existing pentesting toolkit to cover web exploitation and red team operations.
The D2 Elliot subscription is licensed on a per-user, per-year basis. The subscription's features, benefits and entitlements are as below:
Efficient web exploits and tools
D2 Elliot Web Exploitation Framework provides you with hundreds of ready-to-use web exploits and tools. Exploits can be used with several optimized payloads specially designed for each kind of vulnerability.
Quick and reliable web exploit development
D2 Elliot Web Exploitation Framework helps security experts to quickly develop reliable web exploits. Several dedicated Python classes have been designed for each major type of web vulnerability like SQLi, Remote Code Execution, Remote File Include, Local File Include, File Upload or File Disclosure. You only have to take care of the vulnerability – not the way to exploit it.
Intuitive GUI
D2 Elliot Web Exploitation Framework offers you an intuitive graphical user interface to exploit web vulnerabilities. This GUI only needs a standard browser without system dependencies.
Interactive shell
D2 Elliot Web Exploitation Framework offers you an interactive shell to do everything you need to do without the GUI.
Vulnerability scan validation
D2 Elliot Web Exploitation Framework can import and validate the exploitability of results from well-known web vulnerability scanners. Critical vulnerabilities can be easily identified.
Frequent updates
D2 Elliot Web Exploitation Framework is regularly updated with new exploits and tools to keep a high level of efficiency.
Driving D2 Elliot with Immunity CANVAS+D2 Canvas Exploitation Pack (CEP)
D2 Elliot provides several hundred exploits for web applications. When you get remote command execution on a web application, you may need to go deeper into the server and the network. Using a MOSDEF node to do that seems an efficient way.
In the D2 Exploitation Pack for Immunity CANVAS you can find d2sec_elliot, which makes available to CANVAS all the Elliot exploits that can give you remote command execution (an RFI, RCE or File Upload vulnerability, for example). The most interesting part of this module is the ability to automatically gain a MOSDEF node from an Elliot exploit.
All exploits
Below is the list of all exploits from the D2 Elliot Web Exploitation Framework for web application penetration testing subscription.
D2 Elliot 1.26 release 22-Oct-2021
Exploits – Added:
E-734 – WordPress Asgaros Forum < 1.15.13 SQL Injection
E-735 – Prestashop SmartBlog SQL Injection
E-736 – Prestashop ph_simpleblog SQL Injection
E-737 – Confluence < 7.12.3 File Disclosure
E-738 – Apache 2.4.50 RCE
E-739 – Apache 2.4.50 Path Traversal
E-740 – WordPress DZS ZoomSounds < 6.50 File Disclosure
Elliot Apache Roller RCE Linux
Elliot eCan 1.0 File Disclosure
Elliot EGallery 1.2 File Upload
Elliot Adobe Robohelp Server 8 Upload
Elliot Silver Peak Unity Orchestrator SQL Injection
Elliot Snort Report 1.3.2 RCE
Elliot Apache-Struts < 2.2.0 RCE Windows
Elliot Zen Cart 1.3.9f LFI
Elliot Joomla Component com_img LFI
Elliot Joomla Component com_pricelist 3.2.1 SQL Injection
Elliot Apache Tomcat File Disclosure
Elliot eCom Cart SQL Injection
Elliot Elasticsearch FD
Elliot Apache Roller File Disclosure
Elliot Simple CMS SQL Injection
Elliot Apache Solr Velocity RCE
Elliot Apache-Struts < 2.2.0 RCE Linux
Elliot Zen Cart 1.3.8a File Upload
Elliot Joomla Component com_jbusinessdirectory SQL Injection
Elliot Joomla Component com_medialibrary SQL Injection
Elliot Joomla Component com_forms 1.3.1 SQL Injection
Elliot Joomla Component com_worldrates LFI
Elliot ManageEngine Applications Manager License Key Disclosure
Elliot ECShop 2.x SQL Injection
Elliot Elasticsearch < 1.6.1 LFI
Elliot Roundcube 0.2beta RCE
Elliot HP SiteScope runOMAgentCommand 11.20 RCE
Elliot Dell SonicWALL Secure Remote Access diagnostics RCE
Elliot Apache-Struts ExceptionDelegator < 2.3.1.1 RCE Linux
Elliot ZeusCart 4.0 SQL Injection
Elliot Joomla Component com_jbusinessdirectory type SQL Injection
Elliot Joomla Component com_realestate 3.7 SQL Injection
Elliot WordPress Omni Secure Files 0.1.13 File Upload
Elliot Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux
Elliot WordPress Contus Vblog 1.0 File Upload
Elliot Site Alpha SamFM Path Disclosure
Elliot ManageEngine Applications Manager SQL Injection
Elliot eFront 3.6.9 LFI
Elliot Elasticsearch RCE
Elliot RuubikCMS 1.1.0 LFI
Elliot Dell SonicWALL Secure Remote Access viewcert RCE
Elliot Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Windows
Elliot Zimbra iCollaboration Server LFI
Elliot Joomla Component JCK Editor 6.4.4 SQL Injection
Elliot Joomla Component com_jwhmcs 1.5.0 LFI
Elliot Joomla Component com_realtyna 1.0.15 LFI
Elliot WordPress Simple Ads Manager SQL Injection
Elliot WordPress Media File Manager Directory Traversal
Elliot WordPress Yoast SEO 1.7.3.3 SQL Injection
Elliot ManageEngine Applications MyPage.do Manager SQL Injection
Elliot eFront 3.5.5 LFI
Elliot Elite Bulletin Board 2.1.21 SQL Injection
Elliot Trend Micro SafeSync for Enterprise 3.2 check_nfs_server_status RCE
Elliot HP SiteScope issueSiebelCmd 11.20 RCE
Elliot Dell SonicWALL Secure Remote Access gencsr RCE
Elliot Apache-Struts DebuggingInterceptor < 2.3.1.1 RCE Linux
Elliot Joomla! Administrator File Upload [Templates]
Elliot Joomla Component com_jeguestbook 1.0 LFI
Elliot Joomla Component com_registrationpro 3.2.12 SQL Injection
Elliot Asmax Router Information Disclosure
Elliot WordPress WP-Property 1.35.0 File Upload
Elliot Joomla Component com_extrasearch SQL Injection
Elliot appRain 3.0.2 SQL Injection
Elliot eFront libraries/includes/social.php SQL Injection
Elliot McAfee Email Gateway 7.0 File Disclosure
Elliot Trend Micro SafeSync for Enterprise 3.2 get_replacement RCE
Elliot HP SiteScope 11.20 File Upload
Elliot SPIP 2.0.8 Information Disclosure
Elliot Apache-Struts ParameterInterceptor < 2.3.1.2 RCE Windows
Elliot Joomla Component com_jemembership SQL Injection
Elliot Joomla Component com_rpl SQL Injection
Elliot WordPress Easy Contact Forms Exporter 1.1.0 File Disclosure
Elliot appRain 0.1.5 File Upload
Elliot eFront 3.6.10 File Upload
Elliot Trend Micro Endpoint Application Control FileDrop Servlet File Upload
Elliot Sahi Pro 8.x File Disclosure
Elliot Skybluecanvas 1.1 RCE
Elliot SPIP connect Parameter RCE
Elliot Apache-Struts ParameterInterceptor < 2.3.1.2 RCE Linux
Elliot Joomla! Administrator File Upload [Extensions]
Elliot Joomla Component com_jfeedback 1.2 LFI
Elliot Joomla Component com_s5clanroster LFI
Elliot Joomla 1.5.0 to 3.4.5 Object Injection via User-Agent
Elliot Achievo 1.4.5 LFI
Elliot CA ARCserve D2D r15 Credentials Disclosure
Elliot eFront 3.6.10 Authentication Bypass and File Upload
Elliot Symantec Endpoint Protection Manager File Upload
Elliot SonicWALL Scrutinizer 9.0.1 SQL Injection
Elliot Trend Micro Smart Protection Server Encryption Key Disclosure
Elliot SPIP ecran_securite connect Parameter RCE
Elliot Apache-Struts Showcase < 2.3.14.1 RCE Linux
Elliot Joomla! Administrator File Upload [Templates]
Elliot Joomla Component com_jimtawl 1.0.2 LFI
Elliot WordPress Mac Photo Gallery 2.7 File Upload
Elliot Apache Struts Dynamic Method Invocation Expression Handling RCE
Elliot WordPress CP Multi View Event Calendar 1.1.4 SQL Injection
Elliot SPIP 3.0 Author to RCE
Elliot Joomla Component com_market 2.x LFI
Elliot WordPress Simple Ads Manager 2.9.4.116 SQL Injection
Elliot Kordil EDMS v2.2.60rc3 SQL Injection
Elliot Majordomo 2 File Disclosure
Elliot SonicWALL Scrutinizer 9.0.1 alarms.php SQL Injection
Elliot ThinkAdmin v6 File Disclosure
Elliot WordPress Really Easy Slider 0.1 File Upload
Elliot Joomla Component com_frontenduseraccess 3.4.0 LFI
Elliot WordPress Advanced Video Embed File Disclosure
Elliot WordPress Ninja Forms SQL Injection
Elliot VBSEO 3.6.0 RCE
Elliot Asus Wireless-N Gigabit Router Information Disclosure
Elliot WordPress MM Forms Community 2.2.6 File Upload
Elliot LabCollector SQL Injection
Elliot ManageEngine Multiple Products File Disclosure
Elliot ManageEngine Security Manager Plus 5.5 File Disclosure
Elliot Lenovo ThinkManagement Console 9.0.3 File Upload
Elliot WordPress Verve Meta Boxes 1.2.8 File Upload
Elliot Joomla Component com_guru SQL Injection
Elliot WordPress Advanced Custom Fields 3.5.1 RFI
Elliot WordPress N-Media Website Contact Form with File Upload 1.3.4 File Upload
Elliot Mantisbt < 1.2.4 LFI
Elliot Lexmark File Disclosure
Elliot Seo Panel 2.1.0 File Disclosure
Elliot Tiki Wiki CMS 15.0 LFI
Elliot TomatoCart 1.1.8 LFI
Elliot Joomla Component com_hdwplayer SQL Injection
Elliot WordPress AllWebMenus WordPress Menu Plugin 1.1.8 File Upload
Elliot WordPress Platform Theme RCE
Elliot Mantisbt < 1.2.8 LFI
Elliot Lexmark Services Monitor File Disclosure
Elliot Seportal 2.5 SQLi
Elliot Tiki Wiki CMS 15.1 Upload
Elliot TomatoCart 1.1.5 LFI
Elliot Joomla Component com_helpdeskpro SQL Injection
Elliot WordPress A Page Flip Book 2.3 LFI
Elliot Joomla CMS Form Data Handling Remote User Account Manipulation
Elliot WordPress Polls Widget SQL Injection
Elliot WordPress Pica Photo Gallery 1.0 File Upload
Elliot WordPress Creative Contact Form 0.9.7 File Upload
Elliot Mantis <= 1.1.1 LFI
Elliot Liferay Users disclosure
Elliot Seportal SQLi
Elliot Apache Struts REST Plugin OGNL Expression Handling RCE
Elliot Tiki Wiki CMS Groupware 8.2 RCE
Elliot TomatoCart 1.1.8 SQL Injection
Elliot Joomla Component com_hikashop LFI
Elliot WordPress FAdvertisement SQL Injection
Elliot WordPress Product Catalog 8 SQL Injection
Elliot WordPress Simple Ads Manager File Upload
Elliot WordPress SRS Simple Hits Counter SQL Injection
Elliot LionWiki 3.0.3 LFI
Elliot Lexmark MarkVision Enterprise 2.0 File Upload
Elliot Serendipity 1.6.1 SQL Injection
Elliot Tiki Wiki CMS Groupware 8.3 RCE
Elliot Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
Elliot Joomla Component com_hikashop 2.3.2 RCE
Elliot WordPress Cart66 Lite SQL Injection
Elliot WordPress Quick Chat SQL Injection
Elliot WordPress RBX Gallery 2.1 File Upload
Elliot MediaWiki thumb.php page Parameter Remote Shell Command Injection
Elliot Log1 CMS 2.0 RCE
Elliot ManageEngine ServiceDesk Plus 9.1 LFI
Elliot Tiki Wiki CMS Groupware tiki-calendar.php RCE
Elliot Apache Tomcat for Windows HTTP PUT Method File Upload
Elliot Joomla Component com_horoscope LFI
Elliot WordPress Chop Slider 3 SQL Injection
Elliot WordPress 2.8.3 RCE
Elliot MegaFileManager 1.0 LFI
Elliot LotusCMS 3.0 LFI
Elliot Shopware Server Side Template Injection RCE
Elliot Tiki Wiki 5.2 CMS Groupware File Disclosure
Elliot Traq 2.3 RCE
Elliot Joomla Component com_hsconfig 1.5 LFI
Elliot WordPress Cloudsafe365 1.46 File Disclosure
Elliot WordPress Theme Nexos Real Estate SQL Injection
Elliot Joomla Core SQLi list[select]
Elliot WordPress Business Intelligence SQL Injection
Elliot Dolibarr 3.0.0 LFI
Elliot Ginkgo CMS 5.0 SQL Injection
Elliot Trend Micro InterScan Messaging Security Virtual Appliance WizardSetting_sys.imss RCE
Elliot Symantec Messaging Gateway 9.5.3 File Disclosure
Elliot Tiki Wiki CMS Groupware SQL Injection
Elliot TWiki 5.1.2 RCE
Elliot Symantec Web Gateway 5.0.3.18 RCE
Elliot Zenario CMS File Disclosure
Elliot Apache Struts 2 Struts 1 Plugin ActionMessage < 2.3.32 RCE
Elliot Joomla Component com_calendarplanner SQL Injection
Elliot WordPress Download Manager Privilege Escalation
Elliot WordPress WP-FileManager 1.3.0 File Disclosure
Elliot Dolibarr 3.4.0 SQL Injection
Elliot Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler RCE
Elliot Symantec Messaging Gateway 10.6.1 File Disclosure
Elliot Timthumb 1.32 File Upload
Elliot TWiki debugenableplugins RCE
Elliot Symantec Web Gateway 5.0.3 RCE
Elliot Zenario CMS SQL Injection
Elliot Joomla Component com_canteen 1.0 LFI
Elliot Joomla Component com_mediqna < 1.2 LFI
Elliot WordPress Simply Poll 1.4.1 SQL Injection
Elliot WordPress Google Maps via Store Locator Plus 3.0.1 SQL Injection
Elliot Exponent CMS 0.97 File Upload
Elliot WordPress Front File Manager 0.1 File Upload
Elliot Dolibarr adherents/list.php SQL Injection
Elliot Trend Micro InterScan Web Security Virtual Appliance SSHConfig Remote Root RCE
Elliot Symantec Messaging Gateway RestoreAction.performRestore() RCE
Elliot WordPress Category Grid View Gallery 0.1.1 File Upload
Elliot Typo3 FD
Elliot Symantec Web Gateway 5.2.2 RCE
Elliot Zen Cart 1.5.4 LFI
Elliot Joomla Component com_ccnewsletter SQL Injection
Elliot Joomla Component com_memory 1.2 LFI
Elliot WordPress Video Embed & Thumbnail Generator 1.1 RCE (Linux)
Elliot MobileCartly 1.0 File Upload
Elliot Dolphin 7.0.7 RCE
Elliot Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings RCE
Elliot WordPress Auto Attachments 0.2.9 File Upload
Elliot TYPO3 Restler File Disclosure
Elliot Symantec Web Gateway 5.0.3 SQLi
Elliot Zenphoto 1.4.2 RCE
Elliot Joomla Component com_ccnewsletter removeSubscriber SQL Injection
Elliot Joomla Component com_mtfireeagle 1.2 LFI
Elliot WordPress Video Gallery 2.8 plugin SQL Injection
Elliot Dolphin 7.3.0 SQL Injection
Elliot Trend Micro InterScan Web Security Virtual Appliance ConfigBackup File Upload
Elliot Trend Micro Mobile Security for iOS/Android Proxy.php RCE
Elliot WordPress WP Marketplace 1.1.0 File Upload
Elliot TYPO3 4.5.8/4.6.1 RFI
Elliot Symantec Web Gateway 5.0.2 File Upload
Elliot Novell ZENWorks Asset Management 7.5 File Upload
Elliot Joomla Component com_cvmaker 1.0 LFI
Elliot Joomla Component com_myblog LFI
Elliot W3 Total Cache Plugin Remote Code Execution
Elliot appRain SQL Injection
Elliot WordPress WP EasyCart Privilege Escalation
Elliot DomPHP <= 0.83 SQL Injection
Elliot Invision Power Board 3.4.5
Elliot Trend Micro Mobile Security for Enterprise SQL Injection
Elliot WordPress DP Thumbnail 1.0 File Upload
Elliot Cisco UCS Director Directory Traversal
Elliot Sophos Web Protection Appliance 3.7.8.1 File Disclosure
Elliot Novell ZENworks Configuration Management File Upload
Elliot Joomla Component com_datafeeds 880 LFI
Elliot Joomla Component com_mydyngallery SQL Injection
Elliot Joomla Component com_saxumpicker SQL Injection
Elliot WordPress Google Document Embedder 2.5.14 SQL Injection
Elliot WordPress Duplicator < 1.3.28 Directory Traversal
Elliot Apache Struts REST Plugin XStream RCE
Elliot MODx Revolution 2.0.2-pl LFI
Elliot Drupal AES encryption File Disclosure
Elliot Invision Power Board 3.3.4 RCE
Elliot WordPress Vk Gallery 1.1.0 File Upload
Elliot uWSGI Path Traversal File Disclosure
Elliot Sophos Web Protection Appliance 3.8.1 RCE
Elliot Novell ZENworks Configuration Management 11 SP2 File Upload
Elliot Joomla Component com_diary 1.5.0 LFI
Elliot Joomla Component com_myfiles 1.0 LFI
Elliot WordPress Site Editor LFI
Elliot WordPress Tevolution 2.3.1 File Upload
Elliot Oracle WebLogic Server WLS File Upload
Elliot IPS Community Suite RCE
Elliot MODX Revolution < 2.6.4 File Upload
Elliot Drupal Avatar Uploader File Disclosure
Elliot WordPress Rekt Slideshow 1.0.5 File Upload
Elliot Vanderbilt IP-Camera File Disclosure
Elliot Sophos Web Protection Appliance 3.7.8.1 RCE
Elliot Novell ZENworks Configuration Management UploadServlet File Upload
Elliot Joomla Component com_dioneformwizard 1.0.2 LFI
Elliot Joomla Component com_myportfolio SQL Injection
Elliot WordPress WPshop File Upload
Elliot Newscoop RFI
Elliot Apache OFBiz 10.04.01 RCE (Linux)
Elliot Lunar CMS 3.3 File Upload
Elliot OpenEMR File Disclosure
Elliot Citrix CloudBridge RCE
Elliot Drupal Coder RCE
Elliot Jaow SQLi
Elliot OpenMRS Reporting Module 0.9.7 RCE
Elliot Piwik 0.6.3 LFI
Elliot ProQuiz 2.0.2 RFI
Elliot ManageEngine OpManager File Upload
Elliot OpenEMR 5.0.0 RCE
Elliot ProQuiz 2.0.2 SQL Injection
Elliot Node.js 8.5.0 Path Traversal File Disclosure
Elliot CMS Made Simple 1.8 LFI
Elliot Drupal 7 SA-CORE-2018-002 RCE
Elliot ManageEngine EventLog Analyzer 9.9 File Upload
Elliot TIBCO JasperSoft Path Traversal
Elliot Trend Micro OfficeScan 11.0/XG Encryption Key Disclosure
Elliot Magento 2 SQL Injection
Elliot WordPress WP ecommerce Shop Styling 2.5 File Disclosure
Elliot AWCM SQL Injection
Elliot WordPress Gravity Forms File Upload
Elliot Apache Struts 2 Freemarker Tag Handling RCE
Elliot Magento File Disclosure
Elliot OpenEMR 4.1.2 forms_admin.php SQL Injection
Elliot OpenX 2.6.3 LFI
Elliot Plone RCE
Elliot Pulse Connect Secure File Disclosure
Elliot Oracle Application Testing Suite 12.4.0.2.0 File Upload
Elliot CMS Made Simple 1.4.1 LFI
Elliot Drupal 8 SA-CORE-2018-002 RCE
Elliot ManageEngine Exchange Reporter Plus 4.7 SQL Injection
Elliot RedHat JBoss File Disclosure
Elliot WordPress TheCartPress 1.1.1 RFI
Elliot WordPress Social Warfare 3.5.2 RCE
Elliot OneForum SQL Injection
Elliot Magento ShopLift RCE
Elliot OpenEMR 4.1.1 new_comprehensive_save.php SQL Injection
Elliot Pydio File Upload
Elliot OpenX 2.8.10 RCE
Elliot PluXml 5.1.5 LFI
Elliot CMS Made Simple File Upload
Elliot Drupal 7 SA-CORE-2018-004 RCE
Elliot Exponent CMS 2.0.2 File Disclosure
Elliot Jellyfin < 10.7.1 Directory Traversal
Elliot Joomla SQLi
Elliot Vlinks 2.0.3 SQL Injection
Elliot PmWiki 2.2.34 RCE
Elliot Nuked-klaN 1.7.7 / SP4.4 SQL injection
Elliot OP5 Monitor 5.5 license.php RCE
Elliot PineApp Mail-SeCure 3.70 test_li_connection.php RCE
Elliot OpenEMR 4.1.1 logview.php SQL Injection
Elliot Drupal RESTful Web Services RCE
Elliot Adobe ColdFusion File Upload
Elliot Exponent CMS 2.0.2 LFI
Elliot Atlassian JIRA File Disclosure
Elliot Rails File Disclosure
Elliot Nostromo Web Server RCE
Elliot OpenX 2.8.11 SQL Injection
Elliot POSH /portal/addtoapplication.php rssurl Parameter SQL Injection
Elliot rConfig 3.9 SQL Injection
Elliot Oracle Secure Backup 10.2.0.2 RCE (Linux)
Elliot NUUO NVRmini2 / NVRsolo File Upload
Elliot OP5 Monitor 5.5 RCE
Elliot Confluence File Disclosure
Elliot Drupal core 7.x SQL Injection
Elliot Exponent CMS 2.3.9 LFI
Elliot Atlassian JIRA Username Enumeration
Elliot ManageEngine OpManager FileCollector Servlet File Upload
Elliot vtiger CRM 5.4.0 get_tickets_list SQLi
Elliot OpenCart 1.1.8 LFI
Elliot PineApp Mail-SeCure 3.70 ldapsyncnow.php RCE
Elliot OpenEMR Anything_simple.php SQL Injection
Elliot Oracle Secure Backup 10.2.0.2 RCE (Windows)
Elliot OpenX 2.8.6 File Upload
Elliot PRADO 3.2.0 File Disclosure
Elliot ReciPHP 1.1 SQLi
Elliot Drupal WikiWiki SQL Injection
Elliot Trend Micro Control Manager File Disclosure
Elliot Exponent CMS SQL Injection
Elliot OpenSIS 7.4 SQL Injection
Elliot WordPress WP Fanzone 3.1 SQL Injection
Elliot Joomla Component com_jofacebookgallery SQL Injection
Elliot Bilboplanet SQL Injection
Elliot WordPress Holding Pattern Theme 0.6 File Upload
Elliot WordPress EZ SQL Reports Shortcode Widget and DB Backup RCE
Elliot PineApp Mail-SeCure 3.70 conflivelog.pl RCE
Elliot Trend Micro OfficeScan Proxy.php RCE
Elliot OpenConf SQL Injection
Elliot Apache OFBiz 10.04.01 RCE (Windows)
Elliot PineApp Mail-SeCure 3.70 livelog.html RCE
Elliot OpenEMR File Upload
Elliot Piwik 0.4.3 File Upload
Elliot Pragyan CMS File Disclosure
Elliot Oracle Secure Backup 10.3.0.1 RCE
Elliot iScripts ReserveLogic 1.1 SQL Injection
Elliot e107 0.7.20 RCE
Elliot Trend Micro Control Manager File Upload
Elliot WordPress UpdraftPlus Credentials Disclosure
Elliot WordPress Theme Tuner 0.7 RFI
Elliot WordPress SP Project & Document Manager 2.5.3 SQL Injection
Elliot webERP 4.08.1 RFI
Elliot WebPagetest 2.6 LFI
Elliot Joomla 3.2.2 mod_tags_similar SQL Injection
Elliot Vmware Server File Disclosure
Elliot Adobe Coldfusion Solr Service Information Disclosure
Elliot Exponent CMS 0.96 File Upload
Elliot php-Charts 1.0 RCE
Elliot vBulletin 5.0.0 Beta xx SQL Injection
Elliot Sophos Web Protection Appliance 4.2.1.3 RCE
Elliot Citrix XenMobile Server File Disclosure
Elliot Joomla Component com_addressbook 1.5.0 LFI
Elliot Joomla Component com_sef LFI
Elliot Linksys Information Disclosure
Elliot WordPress Nmedia Users File Uploader 1.7 File Upload
Elliot phpDocumentor 1.3 RC4 RFI
Elliot Adobe XML External Entity File Disclosure
Elliot Exponent 2.3.7 RCE
Elliot vBulletin 5.x Remote Administrator Injection
Elliot Sophos Web Protection Appliance Reports RCE
Elliot Xibo 1.4.1 LFI
Elliot Joomla Component com_advertising 0.25 LFI
Elliot Joomla Component com_services SQL Injection
Elliot Joomla Component com_dtregister SQL Injection
Elliot Linksys Information Disclosure
Elliot vtiger CRM 5.4.0 get_picklists SQLi
Elliot Exponent CMS 0.96.3 SQLi
Elliot phpFox RCE
Elliot vBulletin LFI
Elliot Unverse Whizzy CMS 10.01 LFI
Elliot XODA 0.4.5 File Upload
Elliot Joomla Component com_arcadegames 1.0 LFI
Elliot Joomla Component com_shoutbox LFI
Elliot Netgear Information Disclosure
Elliot WordPress LeagueManager 3.9.1.1 SQL Injection
Elliot WordPress Foxypress 0.4.1.1/0.4.2.1 File Upload
Elliot eclime 1.1.3b LFI
Elliot WordPress File Manager < 6.9 File Upload
Elliot Joomla Component com_jomestate 1.0 SQL Injection
Elliot Extcalendar RFI
Elliot PHP-Fusion 7.02.05 downloads.php SQL Injection
Elliot vBulletin 4.1.x RCE
Elliot WHMCS 4.2 File Disclosure
Elliot XOOPS 2.3.2 RCE
Elliot Joomla Component com_awdwall 1.5.4 LFI
Elliot Joomla Component com_surveyforce SQL Injection
Elliot Netgear Information Disclosure
Elliot WordPress EZ SQL Reports Shortcode Widget and DB Backup SQL Injection
Elliot WordPress 3.5.1 Lightbox Plus RCE
Elliot WordPress WP Mobile Detector 3.5 File Upload
Elliot WordPress Video Embed & Thumbnail Generator 1.1 RCE (Windows)
Elliot WordPress ToolsPack RCE
Elliot WordPress SQL Shortcode SQL Injection
Elliot AdRotate library/clicktracker.php track Parameter SQL Injection
Elliot ExtCalendar 2.0 Authentication bypass
Elliot PhpGedView 4.2.3 LFI
Elliot vBulletin 5.1 RCE
Elliot webERP 4.08.4 SQL Injection
Elliot WHMCS 4.x LFI
Elliot yappa-ng 2.3.2 LFI
Elliot Joomla Component com_blogfactory 1.1.2 LFI
Elliot Joomla Component com_sweetykeeper 1.5.x LFI
Elliot Netgear Information Disclosure
Elliot vtiger CRM 5.2.0 LFI
Elliot phpLDAPadmin 1.2.1.1 RCE
Elliot Agora Project 2.13.1 id_tache SQLi
Elliot Family connections CMS 2.7.1 RCE (Linux)
Elliot vBulletin 5 SQL Injection
Elliot WHMCS 5.2.7 SQL Injection
Elliot Zabbix <= 1.8.4 SQL Injection
Elliot Joomla Component com_blog_calendar SQL Injection
Elliot Joomla Component com_travelbook 1.0.1 LFI
Elliot Netgear Information Disclosure
Elliot WordPress Mail Masta 1.0 File Disclosure
Elliot AlienVault OSSIM 5.3.4 RCE
Elliot Family connections CMS 2.7.1 RCE (Windows)
Elliot phpList 2.10.7 LFI
Elliot VMware vCenter File Disclosure
Elliot WikkaWiki 1.3.1 SQL Injection
Elliot Zabbix 2.0 SQL Injection
Elliot Joomla Component com_branch 3.0 SQL Injection
Elliot Joomla Component com_easy_youtube_gallery 1.0.2 SQL Injection
Elliot Joomla Component com_tweetla 1.0.1 LFI
Elliot Nisuta Information Disclosure
Elliot vtiger CRM 5.4.0 File Upload
Elliot Agora Project 2.13.1 theme SQL Injection
Elliot IBM Flashsystem File Disclosure
Elliot phpMoAdmin RCE
Elliot V-CMS 1.0 File Upload
Elliot XAMPP 5.6.8 SQL Injection
Elliot Zabbix httpmon.php SQL Injection
Elliot Joomla Component com_bt_media SQL Injection
Elliot Joomla com_videogallerylite SQL Injection
Elliot Pirelli Router Information Disclosure
Elliot WordPress NEX-Forms 3.0 SQL Injection
Elliot nuBuilder RCE
Elliot Joomla Component com_joomlaflickr 1.0.x LFI
Elliot Joomla Component com_jradio < 1.5.1 LFI
Elliot WordPress Kish Guest Posting 1.0 File Upload
Elliot WordPress WP Mobile Edition File Disclosure
Elliot Joomla com_fields SQL Injection
Elliot PBBoard 3.0.1 email SQL Injection
Elliot phpMoneyBooks LFI
Elliot osCommerce 2.3.1 File Upload
Elliot AlienVault 4.3.1 graph_geoloc2.php SQL Injection
Elliot ASUSTOR ADM 3.1 album_id SQL Injection
Elliot E-Mail Security Virtual Appliance 2.0.5 RCE
Elliot glFusion SQL Injection
Elliot Narcissus RCE
Elliot Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure
Elliot Oracle WebLogic Server Web Services RCE
Elliot WordPress Traffic Analyzer 3.4.2 SQL Injection
Elliot webERP 4.11.3 SQL Injection
Elliot Navigate CMS File Disclosure
Elliot osCommerce 2.2 File Upload
Elliot HP PCM+ SNAC Registration Server UpdateDomainControllerServlet File Upload
Elliot AlienVault 4.3.1 radar-iso27001-A11AccessControl-pot.php SQL Injection
Elliot ASUSTOR ADM 3.1 scope SQL Injection
Elliot Etomite 1.1 File Disclosure
Elliot GLPI 0.84.1 RCE
Elliot Phpmyadmin Backdoor RCE
Elliot Spring Data Commons RCE
Elliot vtiger CRM 5.0.4 LFI
Elliot Navigate CMS 2.8 File Upload
Elliot Open Web Analytics Password Reset Page owa_email_address Parameter SQL Injection
Elliot Apache ActiveMQ FD
Elliot AWCM 2.2 LFI
Elliot ManageEngine EventLog Analyzer 10.6 SQL Injection
Elliot SonicWALL Global Management System File Disclosure
Elliot HP PCM+ SNAC Registration Server UpdateCertificatesServlet File Upload
Elliot Phpmyadmin 3.x RCE
Elliot Spring MVC File Disclosure
Elliot Webmatic SQL Injection
Elliot Joomla Component com_enmasse SQL Injection
Elliot Phpmyadmin File Upload
Elliot Apache ActiveMQ Source Code Disclosure
Elliot Awstats Totals <= 1.14 RCE
Elliot SonicWALL Global Management System RCE
Elliot Visual Mining NetCharts Server 7.0 File Upload
Elliot Pandora FMS 5.0 RC1 RCE
Elliot HP OpenView Performance Manager 9.0 File Upload
Elliot Oracle E-Business File Disclosure
Elliot SQLiteManager 1.2.0 LFI
Elliot vTiger CRM 5.4.0 kcfinder File Upload
Elliot nuBuilder SQL Injection
Elliot Joomla! 1.5.26 SQL Injection
Elliot Visual Mining NetCharts Server saveFile.jsp File Upload
Elliot Pandora FMS 5.0 SP2 SQL Injection
Elliot pfSense Snort File Disclosure
Elliot phpMyAdmin 4.8.1 RCE
Elliot Basilic 1.5.14 RCE
Elliot Apache Axis2 File Disclosure
Elliot SonicWALL Global Management System ImagePreviewServlet SQL Injection
Elliot SQLiteManager 1.2.0 RFI
Elliot WebPagetest 2.6 File Upload
Elliot Joomla Component com_jr_tfb LFI
Elliot WordPress kk Star Ratings 1.7 RFI
Elliot WordPress WP Support Plus Responsive Ticket System SQL Injection
Elliot Joomla 2.5.13 & 3.1.4 File Upload
Elliot NETGEAR DGN1000/DGN2200 RCE
Elliot PBBoard 2.1.4 LFI
Elliot phpBB MyPage Plugin SQL Injection
Elliot Apache Axis2 FD
Elliot BigTree CMS 4.0 RC2 SQL Injection
Elliot GrandNode File Disclosure
Elliot phpMyBackupPro 2.2 LFI
Elliot SolarWinds Storage Manager 5.1.2 SQL Injection
Elliot WebSVN 2.3.2 RCE
Elliot WordPress Huge-IT Video Gallery 2.0.4 SQL Injection
Elliot WordPress Ultimate Form Builder Lite SQL Injection
Elliot WebGlimpse 2.18.8 RCE
Elliot Symantec Web Gateway 5.0.2 LFI
Elliot phpMyFAQ 2.7.0 RCE
Elliot Phpbb RCE
Elliot Novell NetIQ 2.3.1 RCE
Elliot PBBoard 2.1.4 username SQL Injection
Elliot Apache Continuum 1.4.2 RCE
Elliot F5 BIG-IP Traffic Management User Interface File Disclosure
Elliot Novell GroupWise 8 Document Viewer File Disclosure
Elliot Plesk Backdoor RCE
Elliot Solarwinds Storage Manager ProcessFileUpload.jsp File Upload
Elliot vtiger CRM 5.1.0 LFI
Elliot OpenEMR find_appt_popup_user.php SQL Injection
Elliot Citrix NetScaler SD-WAN RCE
Elliot phpBB alltopics.php SQLI
Elliot phpMyRecipes 1.2.2 SQL Injection
Elliot PBBoard 2.1.4 email SQL Injection
Elliot Apache Roller OGNL Injection
Elliot Bilboplanet SQLi via auth
Elliot Novell GroupWise 8 WebAccess File Disclosure
Elliot Apache-Struts2 DevMode RCE
Elliot Symantec Web Gateway 5.0.2 RCE
Elliot WordPress WP Marketplace 1.2.1 File Upload
Elliot Odoo File Disclosure
Elliot Joomla Component com_eventbooking SQL Injection
Elliot Joomla Component com_vjvideo 1.0 LFI
Elliot Oracle Glassfish Server Directory Traversal
Elliot vTiger File Upload
Elliot phpMyRecipes 1.2.2 dosearch.php SQL Injection
Elliot Bitweaver 2.7 LFI
Elliot Flickr Carousel 1.0 File Disclosure
Elliot HelpDEZk 1.0.1 File Upload
Elliot ZonPHP 2.25 File Upload
Elliot MoinMoin 1.9.5 RCE
Elliot Apache Struts 2 Multiple Tags Result Namespace Handling RCE
Elliot WordPress CAC Featured Content 0.8 File Upload
Elliot Vanilla Forums 2.0.17.9 LFI
Elliot ViArt Shop LFI
Elliot Livecart File Upload
Elliot OpenEMR 4.2.0 vitals/view.php SQL Injection
Elliot Joomla Component com_jssupportticket File Disclosure
Elliot Joomla Component com_joommail 1.0 LFI
Elliot WordPress WP Symposium 15.1 SQL Injection
Elliot Bitweaver 2.8.1 LFI
Elliot Apache Flink Directory Traversal
Elliot Horde < 3.3.2 LFI
Elliot PHPNuke <= 8.0 SQL Injection
Elliot Open-Letters 1.0.5 RCE
Elliot Moodle Jmol Plugin File Disclosure
Elliot SugarCRM 6.3.1 RCE
Elliot WordPress Rent A Car 1.0 File Upload
Elliot vBSEO 3.6.0 RCE
Elliot ViArt Shop 4.1 RCE (Windows)
Elliot Joomla 1.5.26 File Upload
Elliot WordPress wpStoreCart 2.5.29 File Upload
Elliot WeBid 1.0.5 File Disclosure
Elliot Business Wiki 2.5 File Upload
Elliot eLouai Force Download File Disclosure
Elliot Horde RCE
Elliot phppaleo LFI
Elliot Open Source ERP SQL Injection
Elliot Moodle <= 1.8.4 RCE
Elliot SugarCRM 6.5.18 RCE
Elliot WordPress LISL Last Image Slider 1.0 File Upload
Elliot vBSEO 3.6.0 functions_vbseo_hook.php Referer RCE
Elliot ViArt Shop 4.1 RCE (Linux)
Elliot vTiger CRM 5.4.0 kcfinder LFI
Elliot Oracle Business Transaction Management Server 12.1.0.2.7 File Upload
Elliot Fortinet FortiGate SSL VPN File Disclosure
Elliot House Style 0.1.2 File Disclosure
Elliot Moodle Tex Notification RCE
Elliot phpSANE 0.5.0 RFI
Elliot ManageEngine OpManager SQL Injection
Elliot Sitracker SIT File Upload
Elliot WordPress Islidex 2.7 File Upload
Elliot ViArt Shop 4.1 RFI
Elliot Joomla Component com_joomlaupdater LFI
Elliot PHP Address Book 7.0.0 SQL Injection
Elliot Care2x SQL Injection
Elliot Foswiki 1.1.5 RCE
Elliot Hycus CMS 1.0.3 LFI
Elliot ManageEngine OpManager 12.3 SQL Injection
Elliot moziloCMS 1.11 LFI
Elliot SureMDM File Disclosure
Elliot WordPress Kino Gallery 1.0 File Upload
Elliot VBSEO SQL Injection
Elliot VideoIQ Camera File Disclosure
Elliot Joomla Component com_weberpcustomer 1.2.1 LFI
Elliot WANem 2.3 RCE
Elliot ManageEngine OpManager MigrateCentralData Servlet File Upload
Elliot Cart Engine 3.0 SQL Injection
Elliot Hinnendahl Gaestebuch 1.2 RFI
Elliot Novell iManager File Upload
Elliot php_address_book authentication SQL injection
Elliot MyBB 1.6.4 RCE
Elliot Symphony 2.6.3 SQL Injection
Elliot WordPress Cms Pack 1.3 File Upload
Elliot vBulletin SQL Injection
Elliot Schneider Electric Pelco VideoXpert File Disclosure
Elliot nuBuilder LFI
Elliot PhpGedView 4.2.4 LFI
Elliot Joomla Component com_jssupportticket SQL Injection
Elliot Joomla Component com_jotloader 2.2.1 LFI
Elliot WordPress WP Symposium File Upload
Elliot MyBB 1.8.2 RCE
Elliot PicoPublisher 2.0 SQL Injection
Elliot CiviCRM SQL Injection
Elliot RCE Generic
Elliot HP Intelligent Management Center BIMS UploadServlet File Upload
Elliot ManageEngine OpManager MigrateLEEData Servlet File Upload
Elliot HP System Management Homepage RCE
Elliot WordPress A Gallery 0.9 File Upload
Elliot vBulletin SQL Injection
Elliot Schneider Electric Pelco VideoXpert auth_token Cookie Disclosure
Elliot 2wire Gateway Authentication Bypass
Elliot WordPress Asset Manager 0.2 File Upload
Elliot WordPress Work The Flow File Upload
Elliot WeBid 1.0.2 RCE
Elliot Piwigo rate parameter SQL Injection
Elliot ManageEngine OpManager FileCollector Servlet File Upload
Elliot Nagios 3.1.0 RCE
Elliot ClipBucket SQL Injection
Elliot GENU CMS SQL Injection
Elliot ImpressCMS LFI
Elliot TerraMaster Operating System SQL Injection
Elliot WordPress Category List Portfolio Page 1.3 File Upload
Elliot vBulletin 4 ForumRunner SQL Injection
Elliot Vivvo CMS 4.1.5.1 File Disclosure
Elliot vtiger CRM 6.0.0 RCE
Elliot Agora Project 2.12.1 File Upload
Elliot CoreCommerce 3.0 SQL Injection
Elliot Joomla 3.2.2 single-contact SQL Injection
Elliot Joomla Component com_news_portal 1.5.x LFI
Elliot Asus Wireless-N Gigabit Router Information Disclosure
Elliot D-LINK Unauthenticated Remote Access
Elliot Dragonfly Ruby Gem File Disclosure
Elliot WordPress ReFlex Gallery 3.1.3 File Upload
Elliot Joomla Component com_focalpoint SQL Injection
Elliot Joomla Component com_webtv LFI
Elliot AjaXplorer 2.5.5 RCE (Linux)
Elliot Cryptographp LFI
Elliot Western Digital My Cloud File Upload
Elliot Joomla Component com_obsuggest < 1.8 LFI
Elliot Joomla Component com_publisher SQL Injection
Elliot Belkin Router Information Disclosure
Elliot D-LINK Router Information Disclosure
Elliot GateOne 1.1 Directory Traversal
Elliot Apache-Struts IncludeParams < 2.3.14.1 RCE Linux
Elliot WordPress RegistrationMagic-Custom Registration Forms SQL Injection
Elliot Plici File Upload
Elliot Joomla Component com_jukebox 1.7 LFI
Elliot Joomla Component com_jphone 1.0 alpha 3 LFI
Elliot AjaXplorer 2.5.5 RCE (Windows)
Elliot Cyclope 6.0 SQL Injection
Elliot Joomla Component com_onlineexam 1.5.0 LFI
Elliot Belkin Router Information Disclosure
Elliot D-LINK Router Information Disclosure
Elliot Jetty WEB-INF File Disclosure
Elliot WordPress Mac Photo Gallery 2.8 File Disclosure
Elliot WordPress Relocate Upload 0.14 RFI
Elliot WordPress WP Vault 0.8.6.6 LFI
Elliot 3Com Router Password Disclosure
Elliot WordPress wpDiscuz < 7.0.5 File Upload
Elliot AlienVault OSSIM av-centerd Util.pm RCE
Elliot Trend Micro Data Loss Prevention File Disclosure
Elliot Joomla Component com_phpbridge SQL Injection
Elliot Compal Broadband Networks Router Information Disclosure
Elliot D-LINK Router Information Disclosure
Elliot osCommerce 2.3.4.1 RCE
Elliot WordPress Slider Revolution Responsive File Disclosure
Elliot WeBid 1.0.4 SQLi
Elliot vtiger CRM 6.0 RC RCE
Elliot ManageEngine Desktop Central 8.0.0 File Upload
Elliot Joomla User Notes List View SQL Injection
Elliot Joomla Component com_picasa2gallery 1.2.8 LFI
Elliot Comtrend Router Password Disclosure
Elliot D-LINK Router Information Disclosure
Elliot WordPress NativeChurch Theme File Disclosure
Elliot WordPress Slider Revolution Responsive File Upload
Elliot ManageEngine Desktop Central 9.0.0 File Upload
Elliot Joomla 1.5.12 Upload
Elliot Joomla Component com_picsell 1.0 LFI
Elliot DD-WRT Router Information Disclosure
Elliot D-LINK Remote Command Execution
Elliot WordPress WP Statistics < 13.0.8 SQL Injection
Elliot WordPress Showbiz Pro Responsive Teaser File Upload
Elliot Joomla Component com_foobla_suggestions 1.5.1.2 LFI
Elliot Joomla Component com_wgpicasa 1.0 LFI
Elliot ManageEngine Desktop Central 9.0.0 FileUploadServlet File Upload
Elliot jQuery File Upload
Elliot WebCalendar 1.2.4 RCE
Elliot Joomla Component com_powermail 1.5.3 LFI
Elliot D-LINK Authentication Bypass
Elliot D-LINK Remote Command Execution
Elliot Apache-Struts IncludeParams < 2.3.14.2 RCE Linux
Elliot WordPress 1 Flash Gallery 1.5.6 File Upload
Elliot WordPress Search Everything SQL Injection
Elliot HP Power Manager 4.2 RCE
Elliot Joomla Component com_jux_real_estate SQL Injection
Elliot Joomla Component com_jprojectmanager 1.0 LFI
Elliot Dokeos FD
Elliot jQuery Upload File 4.0.2 File Upload
Elliot Joomla Component com_preventive 1.0.5 LFI
Elliot D-LINK Security Restriction Bypass
Elliot Huawei Information Disclosure
Elliot WordPress ACF Frontend Display File Upload
Elliot WordPress Service Finder Booking File Disclosure
Elliot WordPress MailPoet Newsletters File Upload
Elliot Alpha Networks Router Information Disclosure
Elliot WordPress HTML5 AV Manager 0.2.7 File Upload
Elliot WeBid 1.1.1 File Upload