Grizz - Newest Exploit/0day List [UPDATED DAILY]

Is this thread useful to you?

  • Fuck Yes!

    Votes: 0 0.0%
  • No, you suck fat meat!

    Votes: 0 0.0%

  • Total voters
    0

Grizz

Member
Reputation
0
I will be updating this thread on a daily basis with the newest vulnerabilities I know of and corresponding exploits to these vulnerabilities (if existent).
DISCLAIMER: I may or may not have any direct or indirect association with the following vulnerabilities or exploits. I will not be held responsible for what people may or may not do with such information. This information is here for SECURITY and LEARNING purposes ONLY!!

All Vulnerabilities/Exploits from 10/5/2011 and on will be listed, I will not even waste my time listing vulnerabilities older than this date. If you do not see a vulnerability in a certain catagory, check back in a few days and I'm sure I will have some fresh ones.

Web Applications/0days:

10/12/2011 - WordPress GD Star Rating plugin <= 1.9.10 SQL Injection - http://pastebin.com/XceE6A49

10/12/2011 - WP-SpamFree WordPress Spam Plugin SQL Injection Vulnerability - http://pastebin.com/wSi6Vvwe

10/11/2011 - Climeweb Blind SQL Injection Vulnerability - http://pastebin.com/vB1f8cjc

10/10/2011 - MyBB Forum Userbar Plugin (Userbar v2.2) SQL Injection - http://pastebin.com/VaNZDuiK

10/10/2011 - MyBB Advanced Forum Signatures (afsignatures-2.0.4) SQL Injection - http://pastebin.com/7fv0NcPx

10/10/2011 - POSH Multiple Vulnerabilities - http://pastebin.com/AnQmq4sY

10/10/2011 - Cotonti CMS v0.9.4 Multiple Remote Vulnerabilities - http://pastebin.com/ks7wwr72

10/10/2011 - RoundCube 0.3.1 XRF/SQL injection - http://pastebin.com/8M5GiSAb

10/10/2011 - 6kbbs Multiple Vulnerabilities - http://pastebin.com/kcYtBD11

10/10/2011 - Filmis 0.2 Beta Multiple Vulnerabilities - http://pastebin.com/7CMtHw7g

10/10/2011 - KaiBB 2.0.1 SQL Injection vulnerability - http://pastebin.com/ZKUmtbrw

10/10/2011 - Sparhawk (shop) SQL Injection Vulnerability - http://pastebin.com/wS9bWm8w

10/7/2011 - EFront <= 3.6.9 Community Edition Multiple Vulnerabilities - http://pastebin.com/tRPrEtf4

10/7/2011 - Url shortener script 1.0 sql injection Vulnerabilities - http://pastebin.com/BUgzFfzY

Local Host Exploits

10/12/2011 - FreeBSD 8.0 Local Root Exploit - http://pastebin.com/U4EX6kLQ

10/11/2011 - ACDSee FotoSlate PLP File id Parameter Overflow - http://pastebin.com/zwZrvjqB

10/11/2011 - TugZip 3.5 Zip File Parsing Buffer Overflow Vulnerability - http://pastebin.com/rEVUn2tb

10/9/2011 - Linux Kernel 2.6.9-34 Local root Exploit - http://pastebin.com/Nsw2WbQe

10/8/2011 - pkexec Race Condition Privilege Escalation Exploit - http://pastebin.com/YNYr29hS

10/8/2011 - Linux Kernel 2.6.22 Local root Exploit - http://pastebin.com/8FQUZ9Bw

10/7/2011 - Linux Kernel el5 Local root Exploit - http://pastebin.com/GPBmjwd8

10/6/2011 - Linux kernel-2.6.18-6 x86 Local Root Exploit - http://pastebin.com/W7V0H717

10/5/2011 - PolicyKit Pwnage: linux local privilege escalation on polkit-1 <= 0.101 - http://pastebin.com/N8imfKYz

Remote Host Exploits

10/12/2011 - Mozilla Firefox Array.reduceRight() Integer Overflow Exploit - http://pastebin.com/i4xt35dj

10/11/2011 - Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC - http://pastebin.com/hhf28xPh

10/10/2011 - Opera Browser 10/11/12 (SVG layout) Memory Corruption (0day) - http://pastebin.com/W0vHm3c7

10/9/2011 - ScriptFTP <= 3.3 Remote Buffer Overflow (LIST) - http://pastebin.com/MkzmM8QT

10/7/2011 - Spreecommerce 0.60.1 Arbitrary Command Execution - http://pastebin.com/03Lf7NHc

10/6/2011 - Opera 10/11 (bad nesting with frameset tag) Memory Corruption - http://pastebin.com/FbYY9tZn

I will keep this thread updated daily, I just decided I would do this in case anyone wanted to easily keep tabs on the newest vulnerabilities and exploits floating around. Feel free to post any new/unknown vulnerabilities or exploits here and I will add them to the thread.
 
Great tutorial, although I recommend you go a bit more indepth for the noobies out there.

+ repped.

Keep it up.
 
I am the noob ^ he speaks of, but none the less, nice to see more people contributing!
 
thanks this is very interesting ive been trying to get into this for a while
 
Yeah I was thinking about a seperate tutorial on how you execute such exploits. But I thought to myself "This would be far more likely to create a ton of script kiddies, rather than legitimate hackers." So I didn't. :$
 
shelboi said:
grizz are you finding these yourself?

Some may or may not be my personal discoveries. I'd rather not divulge such information for legal reasons. :D
 
Nice thanks for this =)
 
Thanks for the daily vulnerabilities :) Will try them.
 
Updated the thread with another 0day, I will update the thread twice today. ^^
 
Back
Top