Grizz - Newest Exploit/0day List [UPDATED DAILY]

[Grizz]

I will be updating this thread on a daily basis with the newest vulnerabilities I know of and corresponding exploits to these vulnerabilities (if existent).
​

DISCLAIMER: I may or may not have any direct or indirect association with the following vulnerabilities or exploits. I will not be held responsible for what people may or may not do with such information. This information is here for SECURITY and LEARNING purposes ONLY!!​

All Vulnerabilities/Exploits from 10/5/2011 and on will be listed, I will not even waste my time listing vulnerabilities older than this date. If you do not see a vulnerability in a certain catagory, check back in a few days and I'm sure I will have some fresh ones.

Web Applications/0days:

Spoiler

10/12/2011 - WordPress GD Star Rating plugin <= 1.9.10 SQL Injection - http://pastebin.com/XceE6A49

10/12/2011 - WP-SpamFree WordPress Spam Plugin SQL Injection Vulnerability - http://pastebin.com/wSi6Vvwe

10/11/2011 - Climeweb Blind SQL Injection Vulnerability - http://pastebin.com/vB1f8cjc

10/10/2011 - MyBB Forum Userbar Plugin (Userbar v2.2) SQL Injection - http://pastebin.com/VaNZDuiK

10/10/2011 - MyBB Advanced Forum Signatures (afsignatures-2.0.4) SQL Injection - http://pastebin.com/7fv0NcPx

10/10/2011 - POSH Multiple Vulnerabilities - http://pastebin.com/AnQmq4sY

10/10/2011 - Cotonti CMS v0.9.4 Multiple Remote Vulnerabilities - http://pastebin.com/ks7wwr72

10/10/2011 - RoundCube 0.3.1 XRF/SQL injection - http://pastebin.com/8M5GiSAb

10/10/2011 - 6kbbs Multiple Vulnerabilities - http://pastebin.com/kcYtBD11

10/10/2011 - Filmis 0.2 Beta Multiple Vulnerabilities - http://pastebin.com/7CMtHw7g

10/10/2011 - KaiBB 2.0.1 SQL Injection vulnerability - http://pastebin.com/ZKUmtbrw

10/10/2011 - Sparhawk (shop) SQL Injection Vulnerability - http://pastebin.com/wS9bWm8w

10/7/2011 - EFront <= 3.6.9 Community Edition Multiple Vulnerabilities - http://pastebin.com/tRPrEtf4

10/7/2011 - Url shortener script 1.0 sql injection Vulnerabilities - http://pastebin.com/BUgzFfzY

Local Host Exploits

Spoiler

10/12/2011 - FreeBSD 8.0 Local Root Exploit - http://pastebin.com/U4EX6kLQ

10/11/2011 - ACDSee FotoSlate PLP File id Parameter Overflow - http://pastebin.com/zwZrvjqB

10/11/2011 - TugZip 3.5 Zip File Parsing Buffer Overflow Vulnerability - http://pastebin.com/rEVUn2tb

10/9/2011 - Linux Kernel 2.6.9-34 Local root Exploit - http://pastebin.com/Nsw2WbQe

10/8/2011 - pkexec Race Condition Privilege Escalation Exploit - http://pastebin.com/YNYr29hS

10/8/2011 - Linux Kernel 2.6.22 Local root Exploit - http://pastebin.com/8FQUZ9Bw

10/7/2011 - Linux Kernel el5 Local root Exploit - http://pastebin.com/GPBmjwd8

10/6/2011 - Linux kernel-2.6.18-6 x86 Local Root Exploit - http://pastebin.com/W7V0H717

10/5/2011 - PolicyKit Pwnage: linux local privilege escalation on polkit-1 <= 0.101 - http://pastebin.com/N8imfKYz

Remote Host Exploits

Spoiler

10/12/2011 - Mozilla Firefox Array.reduceRight() Integer Overflow Exploit - http://pastebin.com/i4xt35dj

10/11/2011 - Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC - http://pastebin.com/hhf28xPh

10/10/2011 - Opera Browser 10/11/12 (SVG layout) Memory Corruption (0day) - http://pastebin.com/W0vHm3c7

10/9/2011 - ScriptFTP <= 3.3 Remote Buffer Overflow (LIST) - http://pastebin.com/MkzmM8QT

10/7/2011 - Spreecommerce 0.60.1 Arbitrary Command Execution - http://pastebin.com/03Lf7NHc

10/6/2011 - Opera 10/11 (bad nesting with frameset tag) Memory Corruption - http://pastebin.com/FbYY9tZn

I will keep this thread updated daily, I just decided I would do this in case anyone wanted to easily keep tabs on the newest vulnerabilities and exploits floating around. Feel free to post any new/unknown vulnerabilities or exploits here and I will add them to the thread. ​

 

[.Judgement]

Great tutorial, although I recommend you go a bit more indepth for the noobies out there.

+ repped.

Keep it up.

 

[Nestea]

I am the noob ^ he speaks of, but none the less, nice to see more people contributing!

 

[Communication]

Content looks good, nonetheless I'm to noob to understand.

 

[Legend_mybb_import19480]

I'll delve into these when I get back home, they look interesting - thanks for posting them.

 

[shelboi]

thanks this is very interesting ive been trying to get into this for a while

 

[Grizz]

Yeah I was thinking about a seperate tutorial on how you execute such exploits. But I thought to myself "This would be far more likely to create a ton of script kiddies, rather than legitimate hackers." So I didn't. :$

 

[Grizz]

Updated the thread with 11 more exploits/0days.

 

[shelboi]

grizz are you finding these yourself?

 

[Grizz]

grizz are you finding these yourself?

Some may or may not be my personal discoveries. I'd rather not divulge such information for legal reasons.

 

[Grizz]

Updated the thread with 4 more exploits/vulnerabilities. :}

 

[Spitzy]

Nice thanks for this =)

 

[Grizz]

Nice thanks for this =)

No problem hope you enjoy using them to your benefit. :3

 

[Kill_Joy]

Thanks for the daily vulnerabilities Will try them.

 

[Grizz]

Updated the thread with another 0day, I will update the thread twice today. ^^

 

[Grizz]

Updated the thread with 3 more exploits/0days. :3