CVE
Links
List
- CVE-2023-3269: StackRot
- CVE-2022-29867 Remote kernel heap overflow on PS4
- CVE-2022-23088 exploiting a heap overflow in the freebsd wi-fi stack
- CVE-2022-22057 a use-after-free in the Qualcomm gpu kernel driver
- CVE-2022-21449: Psychic Signatures in Java
- CVE-2022-2585 A race condition in the way CLOCK_THREAD_CPUTIME_ID works
- CVE-2022-1015 / CVE-2022-1016 two vulnerabilities found in the nf_tables component of the netfilter subsystem in the Linux kernel
- CVE-2022-0847 Dirty Pipe
- CVE-2021-33909 Sequoia: A deep root in Linux's filesystem layer
- CVE-2021-31440: AN INCORRECT BOUNDS CALCULATION IN THE LINUX KERNEL EBPF VERIFIER
- CVE-2021-30465: runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
- CVE-2021-26708 Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel
- CVE-2021-23017: nginx DNS Resolver Off-by-One Heap Write Vulnerability
- CVE-2021-22555 Turning \x00\x00 into 10000$
- CVE-2021-21225 a vulnerability in V8's Array.prototype.concat implementation
- part 2 with the exploit
- CVE-2021-21017 Analysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC
- CVE-2021-4034 PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec
- CVE-2021-3156 sudo heap-based overflow
- Exim's multiple vulnerabilities:
  - CVE-2020-28007: Link attack in Exim's log directory
  - CVE-2020-28008: Assorted attacks in Exim's spool directory
  - CVE-2020-28014: Arbitrary file creation and clobbering
  - CVE-2021-27216: Arbitrary file deletion
  - CVE-2020-28011: Heap buffer overflow in queue_run()
  - CVE-2020-28010: Heap out-of-bounds write in main()
  - CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
  - CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
  - CVE-2020-28015: New-line injection into spool header file (local)
  - CVE-2020-28012: Missing close-on-exec flag for privileged pipe
  - CVE-2020-28009: Integer overflow in get_stdinput()
  - CVE-2020-28017: Integer overflow in receive_add_recipient()
  - CVE-2020-28020: Integer overflow in receive_msg()
  - CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
  - CVE-2020-28021: New-line injection into spool header file (remote)
  - CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
  - CVE-2020-28026: Line truncation and injection in spool_read_header()
  - CVE-2020-28019: Failure to reset function pointer after BDAT error
  - CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
  - CVE-2020-28018: Use-after-free in tls-openssl.c
  - CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
- CVE-2020-13629 Espressif ESP32: Bypassing Encrypted Secure Boot
- CVE-2020-11060 An arbitrary path and a hashed path disclosure can be abused to execute code on a GLPI host, by creating a PHP/GZIP polyglot file.
- CVE-2020-10713 Grubbing Secure Boot the Wrong Way: OOB in the GRUB parser
- CVE-2020-8835
- CVE-2020-0423: Exploiting a Single Instruction Race Condition in Binder
- CVE-2019-18683: Linux kernel UAF caused by a race condition in the V4L subsystem.
- CVE-2019-18634: first writeup, second writeup. In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process.
- CVE-2019-11484
- CVE-2019-11707 Exploit code for a vulnerability in Firefox, found by saelo and coinbase security
- CVE-2019-11932 How a double-free bug in WhatsApp turns to RCE
- CVE-2019-14378 Qemu escape
- CVE-2019-13272 Linux 4.10 < 5.1.17 PTRACE_TRACEME local root PoC
- CVE-2019-2215
- CVE-2019-2107 Android stagefright-like HW vulnerability
- CVE-2019-0708 A Debugging Primer with CVE-2019-0708
- CVE-2019-0708 BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)
- CVE-2019-0752 RCE WITHOUT NATIVE CODE: EXPLOITATION OF A WRITE-WHAT-WHERE IN INTERNET EXPLORER
- CVE-2019-0211 Apache Root Privilege Escalation
- CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation
- CVE-2018-8120 RCE in Acrobat reader
- CVE-2018-7445 Finding and exploiting CVE-2018-7445 (unauthenticated RCE in MikroTik's RouterOS SMB)
- CVE-2017-11176: A step-by-step Linux Kernel exploitation
- CVE-2017-0781 BlueBorne RCE on Android 6.0.1
- CVE-2016-6187 Exploiting Linux kernel heap off-by-one
- CVE-2016-5195 also known as Dirty Cow, another writeup
- CVE-2016-3714 ImageMagick RCE
- CVE-2016-3132 Double Free in Standard PHP Library Double Link List
- CVE-2016-2384 Exploiting a double-free in the USB-MIDI Linux kernel driver
- CVE-2016-0728
- CVE-2015-3864 stagefright
- Analysis of PHP's CVE-2016-6289 and CVE-2016-6297
- CVE-2016-5696 Off-Path TCP Exploits
- Slides for CVE-2016-5340, CVE-2016-2504, CVE-2016-2503 and CVE-2016-2059
- CVE-2016-8655 Linux af_packet.c race condition
- vmnc decoder
- CVE-2015-6565
- Android kernel CVE POCs
- CVE-2017-6074
- repo with POC
- Unix privilege escalation exploits pack
- CVE-2016-7201 IE Edge
- CVE-2017-1000366 Stack clash
- Solving a post exploitation issue with CVE-2017-7308
- CVE-2017-2636 race condition in the n_hdlc Linux kernel driver bypassing SMEP
- CVE-2018-6789: Exim Off-by-one RCE
Writeup
- How we broke PHP, hacked Pornhub and earned 20.000$
- Explaining Dirty COW local root exploit - CVE-2016-5195 Video
- PS4 kernel exploit write-up for 4.05