Skip to content
/ Disclosures Public
forked from alisaesage/Disclosures

Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts

0 stars 82 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

KurSh/Disclosures

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

CVE-2009-2629_nginx_http

CVE-2009-2629_nginx_http

 
 

CVE-2013-0007_MSXML6

CVE-2013-0007_MSXML6

 
 

CVE-2014-4060_Windows_Media_Player

CVE-2014-4060_Windows_Media_Player

 
 

CVE-2014-XXXX_InduSoft_SchneiderElectric

CVE-2014-XXXX_InduSoft_SchneiderElectric

 
 

CVE-2015-2515_Windows_Shell

CVE-2015-2515_Windows_Shell

 
 

CVE-2015-XXXX_MSOffice_Word

CVE-2015-XXXX_MSOffice_Word

 
 

CVE-2016-0143_win32k

CVE-2016-0143_win32k

 
 

CVE-2016-0171_win32k

CVE-2016-0171_win32k

 
 

CVE-2017-XXXX_Jscript9_IE

CVE-2017-XXXX_Jscript9_IE

 
 

CVE-2017-XXXX_WindowsDefender

CVE-2017-XXXX_WindowsDefender

 
 

CVE-2018-0893_MSEdge

CVE-2018-0893_MSEdge

 
 

CVE-2018-16845_nginx_mp4

CVE-2018-16845_nginx_mp4

 
 

CVE-2018-5144_Firefox_Thunderbird

CVE-2018-5144_Firefox_Thunderbird

 
 

CVE-2018-5178_Firefox_Thunderbird

CVE-2018-5178_Firefox_Thunderbird

 
 

CVE-2018-6981_VMWare_ESXi

CVE-2018-6981_VMWare_ESXi

 
 

CVE-2018-FFFF_Chrome

CVE-2018-FFFF_Chrome

 
 

CVE-2018-XXXX_VirtualBox

CVE-2018-XXXX_VirtualBox

 
 

CVE-2019-0717_Hyper-V

CVE-2019-0717_Hyper-V

 
 

CVE-2019-FFFF_nginx_njs

CVE-2019-FFFF_nginx_njs

 
 

README.md

README.md

 
 

Repository files navigation

Disclosures

Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts

URL: https://github.com/badd1e/Disclosures

List

CVE-2009-2629: nginx http module Buffer Underflow Remote Code Execution Vulnerability
Patch analysis, testcase, notes

CVE-2013-0007: Microsoft XML Core Services 4-6 Use-after-free Vulnerability Vulnerability analysis, proof-of-concept exploit
Phrack paper

CVE-2014-4060: Microsoft Windows Media Center CSyncBasePlayer Use-After-Free Remote Code Execution Vulnerability
Analysis, testcase

CVE-2014-XXXX: Schneider Electric InduSoft Web Access Memory Corruption Vulnerability (multiple) Testcases, analysis
Part of a winning competition entry: Hack the smart city 2014

CVE-2014-XXXX: Microsoft Office Word 2010 Memory Corruption Vulnerability
Testcases, notes

CVE-2015-2515: Windows Shell Use-after-free Remote Code Execution Vulnerability
Testcases

CVE-2016-0143: Microsoft Win32k Elevation of Privilege Vulnerability
Vulnerability root cause analysis

CVE-2016-0171: Microsoft Win32k Elevation of Privilege Vulnerability
Vulnerability root cause analysis

CVE-2017-XXXX: Jscript9 Type Confusion Remote Code Execution Vulnerability
Testcase

CVE-2017-FFFF: Windows Defender Javascript Use-after-free Vulnerability
Testcase

CVE-2018-0893: Microsoft Edge Type Confusion Vulnerability
Testcase, analysis, proof-of-concept exploit

CVE-2018-16845: nginx module mp4 Out Of Bounds Read Information Disclosure Vulnerability
TBD

CVE-2018-5144: Firefox ESR and Thunderbird Integer Overflow Remote Code Execution Vulnerability
Theoretical analysis

CVE-2018-5178: Firefox ESR and Thunderbird Buffer Overflow Remote Code Execution Vulnerability
Theoretical analysis

CVE-2018-6981: VMWare ESXi and Workstation Uninitialized Variable RCE
Patch analysis, testcase

CVE-2018-FFFF: Chromium ANGLE Uninitialized Variable RCE
Theoretical analysis

CVE-2018-XXXX: VirtualBox 3D Virtualization Memory Corruption Elevation of Privilege Vulnerability (multiple)
Analysis

CVE-2019-0717: Hyper-V vmswitch.sys Out of Bounds Read Vulnerability
Proof-of-concept testcase

CVE-2019-FFFF: nginx module njs Heap Buffer Overflow Vulnerability (multiple)
TBD

Legend

CVE.*XXXX: the CVE was assigned, but I don't know it
CVE.*FFFF: the CVE ID was never assigned

Credits

All vulns here were found and proof-of-concept exploits developed by Alisa Esage, unless stated otherwise.
My trainings and mini-classes: Zero Day Engineering.
Twitter: @alisaesage.

About

Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HTML 58.4%
  • C 27.8%
  • C++ 12.2%
  • JavaScript 1.4%
  • Shell 0.2%