المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : exploit database


الصفحات : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 [47] 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67

  1. [webapps] - ZKTeco ZKBioSecurity 3.0 - Directory Traversal
  2. [webapps] - ZKTeco ZKBioSecurity 3.0 - (Add Superadmin) Cross-Site Request Forgery
  3. [webapps] - ZKTeco ZKBioSecurity 3.0 - Hardcoded Credentials Remote SYSTEM Code Execu
  4. [local] - ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Es
  5. [local] - ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation
  6. [dos] - PHP 7.0 - AppendIterator::append Local Denial of Service
  7. [dos] - PHP 5.0.0 - snmpset() Local Denial of Service
  8. [dos] - PHP 5.0.0 - fbird_[p]connect() Local Denial of Service
  9. [dos] - PHP 5.0.0 - snmpwalkoid() Local Denial of Service
  10. [dos] - PHP 5.0.0 - html_doc_file() Local Denial of Service
  11. [dos] - PHP 5.0.0 - hw_docbyanchor() Local Denial of Service
  12. [dos] - PHP 5.0.0 - imap_mail() Local Denial of Service
  13. [webapps] - FreePBX 13.0.35 - SQL Injection
  14. [dos] - Adobe Flash - MovieClip Transform Getter Use-After-Free
  15. [dos] - Adobe Flash - Use-After-Free When Returning Rectangle
  16. [dos] - Adobe Flash - Stage.align Setter Use-After-Free
  17. [dos] - Adobe Flash - BitmapData.copyPixels Use-After-Free
  18. [dos] - Adobe Flash - Selection.setFocus Use-After-Free
  19. [webapps] - PLC Wireless Router GPN2.4P21-C-CN - Arbitrary File Disclosure
  20. [papers] - [Persian] Android Security and Forensic Science
  21. [webapps] - HelpDeskZ 1.0.2 - Unauthenticated Shell Upload
  22. [webapps] - INTELLINET IP Camera INT-L100M20N - Unauthorized admin Credential Change
  23. [dos] - PHP 7.0 - Object Cloning Local Denial of Service
  24. [dos] - PHP 5.0.0 - domxml_open_file() Local Denial of Service
  25. [local] - NScan 0.9.1 - (Target) Buffer Overflow
  26. [dos] - Goron Webserver 2.0 - Multiple Vulnerabilities
  27. [webapps] - FreePBX 13.0.35 - Remote Command Execution
  28. [remote] - Phoenix Exploit Kit - Remote Code Execution (Metasploit)
  29. [webapps] - chatNow - Multiple Vulnerabilities
  30. [webapps] - SimplePHPQuiz - Blind SQL Injection
  31. [dos] - Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write
  32. [webapps] - WordPress Mail Masta Plugin 1.0 - Local File Inclusion
  33. [dos] - ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities
  34. [webapps] - WordPress 4.5.3 - Directory Traversal / Denial of Service
  35. [papers] - Hunting HTML 5 postMessage Vulnerabilities
  36. [webapps] - Sakai 10.7 - Multiple Vulnerabilities
  37. [webapps] - VideoIQ Camera - Local File Disclosure
  38. [webapps] - Honeywell IP-Camera HICC-1100PT - Local File Disclosure
  39. [webapps] - JVC IP-Camera VN-T216VPRU - Local File Disclosure
  40. [webapps] - Vanderbilt IP-Camera CCPW3025-IR, CVMW3025-IR - Local File Disclosure
  41. [webapps] - Fortigate Firewalls - Remote Code Execution (EGREGIOUSBLUNDER)
  42. [remote] - TOPSEC Firewalls - Remote Exploit (ELIGIBLEBACHELOR)
  43. [webapps] - TOPSEC Firewalls - Remote Code Execution (ELIGIBLEBOMBSHELL)
  44. [webapps] - TOPSEC Firewalls - Remote Code Execution (ELIGIBLECANDIDATE)
  45. [webapps] - TOPSEC Firewalls - Remote Code Execution (ELIGIBLECONTESTANT)
  46. [local] - Cisco ASA / PIX - Privilege Escalation (EPICBANANA)
  47. [local] - WatchGuard Firewalls - ifconfig Privilege Escalation (ESCALATEPLOWMAN)
  48. [webapps] - tcPbX - (tcpbx_lang) Local File Inclusion
  49. [webapps] - MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change
  50. [webapps] - ZYCOO IP Phone System - Remote Command Execution
  51. [local] - Windows - Fileless UAC Protection Bypass Privilege Escalation (Metasploit)
  52. [webapps] - MESSOA IP-Camera NIC990 - Auth Bypass / Configuration Download
  53. [webapps] - TOSHIBA IP-Camera IK-WP41A - Auth Bypass / Configuration Download
  54. [webapps] - C2S DVR Management IRDOME-II-C2S, IRBOX-II-C2S, DVR - Credentials Disclos
  55. [webapps] - JVC IP-Camera VN-T216VPRU - Credentials Disclosure
  56. [webapps] - Vanderbilt IP-Camera CCPW3025-IR, CVMW3025-IR - Credentials Disclosure
  57. [webapps] - SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configurat
  58. [remote] - Cisco ASA 8.X - Authentication Bypass (EXTRABACON)
  59. [webapps] - Honeywell IP-Camera HICC-1100PT - Credentials Disclosure
  60. [webapps] - SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change
  61. [shellcode] - Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
  62. [dos] - Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap-Based Buffer Overf
  63. [webapps] - SIEMENS IP-Camera CVMS2025-IR, CCMS2025 - Credentials Disclosure
  64. [dos] - Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThr eadStat
  65. [webapps] - Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities
  66. [webapps] - Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
  67. [webapps] - Nagios Log Server 1.4.1 - Multiple Vulnerabilities
  68. [webapps] - Pi-Hole Web Interface 2.8.1 - Stored XSS in Whitelist/Blacklist
  69. [webapps] - Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
  70. [webapps] - Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal
  71. [shellcode] - Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
  72. [shellcode] - Windows x86 - MessageBoxA Shellcode (242 bytes)
  73. [papers] - [Turkish] Drupal Coder Vulnerability Analysis & MSF Module Dev
  74. [dos] - Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use After Free PoC
  75. [webapps] - WSO2 Carbon 4.4.5 - (Denial of Service) CSRF
  76. [webapps] - WSO2 Carbon 4.4.5 - Stored XSS
  77. [webapps] - WSO2 Carbon 4.4.5 - Local File Inclusion
  78. [webapps] - WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities
  79. [dos] - Microsoft Office Word 2013,2016 - sprmSdyaTop Denial of Service (MS16-099)
  80. [webapps] - Zabbix 2.2.x, 3.0.x - SQL Injection
  81. [webapps] - GitLab - "impersonate" Feature Privilege Escalation
  82. [remote] - Samsung Smart Home Camera SNH-P-6410 - Command Injection
  83. [remote] - Easy FTP Server - "APPE" Command Buffer Overflow Remote Exploit
  84. [remote] - Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Sca
  85. [webapps] - FreePBX 13 / 14 - Remote Code Execution
  86. [webapps] - ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal
  87. [local] - EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalatio
  88. [webapps] - vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF)
  89. [webapps] - EyeLock nano NXT 3.5 - Local File Disclosure
  90. [webapps] - EyeLock nano NXT 3.5 - Remote Root Exploit
  91. [dos] - SAP SAPCAR - Multiple Vulnerabilities
  92. [webapps] - WebNMS Framework Server 5.2 and 5.2 SP1 - Multiple Vulnerabilities
  93. [dos] - Microsoft Office Word 2007,2010,2013,2016 - Out-of-Bounds Read Remote Code Ex
  94. [webapps] - Nagios Network Analyzer 2.2.1 - Multiple CSRF
  95. [shellcode] - Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)
  96. [shellcode] - Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)
  97. [webapps] - WordPress Add From Server Plugin < 3.3.2 - (File Upload) CSRF
  98. [webapps] - phpCollab CMS 2.5 - (emailusers.php) SQL Injection
  99. [local] - Microsoft Windows Group Policy - Privilege Escalation (MS16-072)
  100. [webapps] - Navis WebAccess - SQL Injection
  101. [remote] - Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution Exploit (S
  102. [webapps] - NUUO NVRmini 2 3.0.8 - (strong_user.php) Backdoor Remote Shell Access
  103. [webapps] - NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion
  104. [webapps] - NUUO NVRmini 2 3.0.8 - ShellShock Remote Code Execution
  105. [webapps] - NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection
  106. [webapps] - NUUO NVRmini 2 3.0.8 - Local File Disclosure
  107. [webapps] - NUUO NVRmini 2 3.0.8 - (Add Admin) CSRF
  108. [webapps] - NUUO NVRmini 2 3.0.8 - Remote Root Exploit
  109. [dos] - Kodi Web Server 16.1 - Denial of Service
  110. [webapps] - NASdeluxe NDL-2400r 2.01.09 - OS Command Injection
  111. [webapps] - WordPress Count per Day Plugin 3.5.4 - Stored Cross-Site Scripting
  112. [webapps] - Davolink DV-2051 - Multiple Vulnerabilities
  113. [webapps] - PHP Power Browse 1.2 - Directory Traversal
  114. [local] - zFTP Client 20061220 - (Connection Name) Local Buffer Overflow
  115. [webapps] - Subrion CMS 4.0.5 - SQL Injection
  116. [remote] - ntop 2.3
  117. [remote] - NUUO NVRmini2 / NVRsolo / Crystal Devices and NETGEAR ReadyNAS Surveillanc
  118. [dos] - Wireshark 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 - RLC Dissector Denial of Service
  119. [dos] - Wireshark 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 - WSP Dissector Denial of Service
  120. [dos] - Wireshark 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 - PacketBB Dissector Denial of Se
  121. [dos] - Wireshark 2.0.0 to 2.0.4 - CORBA IDL Dissectors Denial of Service
  122. [dos] - Wireshark 2.0.0 to 2.0.4 - MMSE, WAP, WBXML, and WSP Dissectors Denial of Ser
  123. [dos] - Wireshark 1.12.0 to 1.12.12 - NDS Dissector Denial of Service
  124. [webapps] - Open Upload 0.4.2 - (Add Admin) CSRF
  125. [dos] - Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC
  126. [webapps] - WordPress WP Live Chat Support Plugin 6.2.03 - Stored XSS
  127. [webapps] - WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Su
  128. [webapps] - WordPress Booking Calendar Plugin 6.2 - SQL Injection
  129. [papers] - [Hebrew] Digital Whisper Security Magazine #74
  130. [webapps] - PhpMyAdmin 4.6.2 - Post-Auth Remote Code Execution
  131. [dos] - WebKit - TypedArray.copyWithin Memory Corruption
  132. [webapps] - Trend Micro Deep Discovery 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) - hotf
  133. [shellcode] - Linux/x86 - NetCat Bind Shell with Port (44, 52 bytes)
  134. [remote] - Easy File Sharing Web Server 7.2 - SEH Overflow (Egghunter)
  135. [remote] - Barracuda Web Application Firewall 8.0.1.008 - Post Auth Remote Root Explo
  136. [remote] - Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Post Auth R
  137. [shellcode] - Windows x86 - localhost Port Scanner Shellcode (556 bytes)
  138. [webapps] - Wordpress Ultimate Product Catalog 3.9.8 - (do_shortcode via ajax) Blind
  139. [local] - mySCADAPro 7 - Local Privilege Escalation
  140. [local] - VUPlayer 2.49 - (.pls) Stack Buffer Overflow (DEP Bypass)
  141. [webapps] - AXIS Multiple Products - Authenticated Remote Command Execution via devto
  142. [remote] - Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
  143. [local] - VMware - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2
  144. [remote] - Iris ID IrisAccess iCAM4000/iCAM7000 - Hardcoded Credentials Remote Shell
  145. [webapps] - Iris ID IrisAccess ICU 7000-2 - Remote Root Command Execution
  146. [webapps] - Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
  147. [webapps] - PHP File Vault 0.9 - Directory Traversal
  148. [remote] - Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Post Auth R
  149. [webapps] - Micro Focus Filr 2 2.0.0.421, Filr 1.2 1.2.0.846 - Multiple Vulnerabiliti
  150. [webapps] - Bellini/Supercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
  151. [webapps] - PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution
  152. [local] - CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter+ASLR bypass)
  153. [papers] - Cryptshare 3.10.1.2 - Stored XSS
  154. [webapps] - GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbit
  155. [dos] - PHP 7.0.8, 5.6.23 and 5.5.37 - bzread() Out-of-Bounds Write
  156. [webapps] - Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities
  157. [webapps] - Technicolor TC7200 Modem/Router STD6.02.11 - Multiple Vulnerabilities
  158. [webapps] - Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities
  159. [webapps] - Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH - Multiple
  160. [webapps] - CodoForum 3.2.1 - SQL Injection
  161. [local] - Rapid7 AppSpider 6.12 - Local Privilege Escalation
  162. [remote] - Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Comm
  163. [remote] - Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Meta
  164. [local] - MediaCoder 0.8.43.5852 - .m3u SEH Exploit
  165. [webapps] - Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)
  166. [local] - mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006)
  167. [remote] - Apache 2.4.7 & PHP
  168. [papers] - Novel contributions to the field - How I broke MySQL's codebase
  169. [remote] - TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter)
  170. [shellcode] - Linux/x86-64 - Subtle Probing Reverse Shell, Timer, Burst, Password, Mu
  171. [webapps] - TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
  172. [local] - Wowza Streaming Engine 4.5.0 - Local Privilege Escalation
  173. [webapps] - Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
  174. [webapps] - Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF
  175. [remote] - OpenSSHD
  176. [webapps] - Wowza Streaming Engine 4.5.0 - Multiple XSS
  177. [webapps] - WordPress Video Player Plugin 1.5.16 - SQL Injection
  178. [shellcode] - Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
  179. [webapps] - Django CMS 3.3.0 - (Editor Snippet) Persistent XSS
  180. [remote] - Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit)
  181. [shellcode] - Linux/x86 - execve /bin/sh Shellcode (19 bytes)
  182. [webapps] - newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure
  183. [webapps] - NewsP Free News Script 1.4.7 - User Credentials Disclosure
  184. [papers] - Exploiting Apache James Server 2.3.2
  185. [remote] - Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Re
  186. [shellcode] - Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Passw
  187. [remote] - Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution
  188. [WebApps] - vBulletin 5.x/4.x - Persistent XSS in AdminCP/ApiLog via xmlrpc API (Post
  189. [WebApps] - vBulletin 4.x - SQLi in breadcrumbs via xmlrpc API (Post-Auth)
  190. [Local] - Internet Explorer 11 (on Windows 10) - VBScript Memory Corruption Proof-of-
  191. [Remote] - DropBearSSHD
  192. [remote] - OpenSSHD
  193. [webapps] - Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure
  194. [webapps] - Joomla Guru Pro (com_guru) Component - SQL Injection
  195. [shellcode] - Linux x86 Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.
  196. [webapps] - Apache Archiva 1.3.9 - Multiple CSRF Vulnerabilities
  197. [remote] - Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
  198. [local] - MS16-032 Secondary Logon Handle Privilege Escalation
  199. [dos] - Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption
  200. [dos] - Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption
  201. [webapps] - GSX Analyzer 10.12 and 11 - Main.swf Hardcoded Superadmin Credentials
  202. [shellcode] - Windows x86 URLDownloadToFileA()+SetFileAttributesA()+WinExec( )+ExitPro
  203. [dos] - Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption
  204. [dos] - Adobe Flash Player 22.0.0.192 - TAG Memory Corruption
  205. [webapps] - Clinic Management System - Blind SQL Injection
  206. [webapps] - Beauty Parlour & SPA Saloon Management System - Blind SQL Injection
  207. [webapps] - WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS
  208. [webapps] - Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass
  209. [remote] - Ruby on Rails ActionPack Inline ERB Code Execution
  210. [local] - MS16-016 mrxdav.sys WebDav Local Privilege Escalation
  211. [remote] - Tiki Wiki 15.1 - Unauthenticated File Upload Vulnerability (msf)
  212. [dos] - Adobe Flash - ATF Image Packing Overflow
  213. [webapps] - Tiki Wiki CMS 15.0 - Arbitrary File Download
  214. [shellcode] - Linux x86-64 Continuously-Probing Reverse Shell via Socket + Port-range
  215. [webapps] - Streamo Online Radio And TV Streaming CMS - SQL Injection
  216. [webapps] - CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval
  217. [webapps] - php Real Estate Script 3 - Arbitrary File Disclosure
  218. [shellcode] - Linux x86 TCP Reverse Shellcode - 75 bytes
  219. [dos] - Microsoft WinDbg logviewer.exe - Crash PoC
  220. [dos] - Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash PoC
  221. [local] - InstantHMI 6.1 - Privilege Escalation
  222. [local] - Hide.Me VPN Client 1.2.4 - Privilege Escalation
  223. [webapps] - WordPress Lazy Content Slider Plugin 3.4 - (Add Catetory) CSRF
  224. [local] - GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege Escalation
  225. [webapps] - OPAC KpwinSQL - Multiple Vulnerabilities
  226. [dos] - Core FTP LE 2.2 - Path Field Local Buffer Overflow
  227. [local] - VUPlayer 2.49 - .m3u Buffer Overflow Exploit (Win 7 DEP Bypass)
  228. [remote] - Nagios XI Chained Remote Code Execution
  229. [local] - Samsung Android JACK - Privilege Escalation
  230. [webapps] - OpenFire 3.10.2 - 4.0.1 - Multiple Vulnerabilities
  231. [remote] - GNU Wget < 1.18 - Arbitrary File Upload/Remote Code Execution
  232. [webapps] - PaKnPost Pro 1.14 - Multiple Vulnerabilities
  233. [webapps] - Advanced Webhost Billing System (AWBS) 2.9.6 - Multiple Vulnerabilities
  234. [shellcode] - Linux 64bit Ncat Shellcode (SSL, MultiChannel, Persistant, Fork, IPv4/6
  235. [webapps] - 24online SMS_2500i 8.3.6 build 9.0 - SQL Injection
  236. [webapps] - CIMA DocuClass ECM - Multiple Vulnerabilities
  237. [shellcode] - Linux x86 TCP Bind Shell Port 4444 - 98 bytes
  238. [webapps] - eCardMAX 10.5 - Multiple Vulnerabilities
  239. [webapps] - WebCalendar 1.2.7 - Multiple Vulnerabilities
  240. [webapps] - WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities
  241. [local] - Debian Exim - Spool Local Root Privilege Escalation
  242. [local] - Ubuntu 16.04 Kernel 4.4.0-21-generic - netfilter target_offset Local root E
  243. [shellcode] - Linux 64bit NetCat Bind Shell Shellcode - 64 bytes
  244. [webapps] - Ktools Photostore 4.7.5 - Multiple Vulnerabilities
  245. [webapps] - XpoLog Center 6 - Remote Command Execution CSRF
  246. [local] - Ubuntu 16.04 local root exploit - netfilter target_offset OOB
  247. [webapps] - Phoenix Exploit Kit - Remote Code Execution
  248. [webapps] - Ktools Photostore 4.7.5 - Blind SQL Injection
  249. [webapps] - Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion
  250. [webapps] - Ubiquiti Administration Portal - CSRF to Remote Command Execution