manifesto.txt
Our Vision
Information wants to be free.
We exist in the spaces between the lines of code.
This archive is a testament to the eternal cat-and-mouse game.
exploit_of_the_day.sh
~/$ cat target_payload
Linux Kernel 5.15 - 'Dirty Pipe' Local Privilege Escalation
By Max Kellermann
2022-03-07 00:00:00
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2009-06-29 |
VideoLAN VLC Media Player 0.9.9 smb:// URI Stack BOF PoC
ID: 1
Verified
|
8078 |
|
|
| 2009-06-23 |
Zen Cart 1.3.8 Remote SQL Execution Exploit
ID: 2
Verified
|
10319 |
|
|
| 2009-06-23 |
Zen Cart 1.3.8 Remote Code Execution Exploit
ID: 3
Verified
|
6697 |
|
|
| 2009-06-22 |
Bopup Communications Server 3.2.26.5460 Remote SYSTEM Exploit
ID: 4
Verified
|
5190 |
|
|
| 2009-06-22 |
MyBB <= 1.4.6 Remote Code Execution Exploit
ID: 5
Verified
|
7986 |
|
|
| 2009-06-18 |
DESlock+ 4.0.2 dlpcrypt.sys Local Kernel ring0 Code Execution Exploit
ID: 6
Verified
|
6173 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2026-07-15 |
CVE-2026-13385 - ASUS Router Improper Certificate and Integrity Validation Vulnerability
ID: 66
|
Routers | 1 |
|
| 2026-07-15 |
CVE-2026-15029 - ASUS System Control Interface Arbitrary Memory Access Vulnerability
ID: 64
|
1 |
|
|
| 2026-07-15 |
CVE-2026-8919 - ASUS GameSDK Cross-Domain Information Disclosure Vulnerability
ID: 62
|
2 |
|
|
| 2026-07-15 |
CVE-2026-11580 - Kali Forms < 2.4.17 - Contributor+ Arbitrary Post Metadata Disclosure via IDOR
ID: 59
|
1 |
|
|
| 2026-07-15 |
CVE-2026-12281 - Shibboleth < 2.5.4 - Unauthenticated Administrator Account Creation via Identity Header Spoofing
ID: 58
|
1 |
|
|
| 2026-07-15 |
CVE-2026-42936 - HYPER SBI DLL Hijacking Vulnerability
ID: 56
|
0 |
|
|
| 2009-07-01 |
ARD-9808 DVR Card Security Camera Arbitrary Config Disclosure Vuln
ID: 7
Verified
|
2247 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2026-07-15 |
CVE-2026-15030 - ASUS System Control Interface Out-of-Bounds Read
ID: 63
|
1 |
|
|
| 2022-03-07 |
Linux Kernel 5.15 - 'Dirty Pipe' Local Privilege Escalation
ID: 55
Verified
|
50211 |
|
|
| 2009-07-02 |
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit
ID: 13
Verified
|
3095 |
|
|
| 2009-07-01 |
AudioPLUS 2.00.215 (.pls) Local Buffer Overflow Exploit (SEH)
ID: 14
Verified
|
1166 |
|
|
| 2009-07-01 |
AudioPLUS 2.00.215 (.lst & .m3u File) Local buffer Overflow (seh)
ID: 15
Verified
|
1007 |
|
|
| 2009-07-01 |
MP3-Nator 2.0 (.plf File) Universal Buffer Overflow Exploit (SEH)
ID: 16
Verified
|
1010 |
|
|
| 2009-06-30 |
TFM MMPlayer 2.0 (m3u/ppl) Universal Buffer Overflow Exploit (SEH)
ID: 17
Verified
|
1166 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2026-07-15 |
CVE-2026-8920 - ASUS Aura Wallpaper Service Path Traversal and Improper Access Control Vulnerability
ID: 61
|
1 |
|
|
| 2026-07-15 |
CVE-2026-11579 - Kali Forms < 2.4.17 - Unauthenticated Media Upload
ID: 60
|
1 |
|
|
| 2026-07-15 |
CVE-2026-12512 - Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter
ID: 57
|
1 |
|
|
| 2009-07-02 |
Rentventory Multiple Remote SQL Injection Vulnerabilities
ID: 19
Verified
|
4310 |
|
|
| 2009-07-02 |
Opial 1.0 (albumid) Remote SQL Injection Vulnerability
ID: 20
Verified
|
2631 |
|
|
| 2009-07-02 |
Opial 1.0 (Auth Bypass) Remote SQL Injection Vulnerability
ID: 21
Verified
|
2305 |
|
|
| 2009-07-02 |
conpresso 3.4.8 (detail.php) Remote Blind SQL Injection Vuln
ID: 22
Verified
|
2348 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2026-07-15 |
CVE-2026-13585 - ASUS System Control Interface and Business Manager Information Disclosure and Denial of Service
ID: 65
|
2 |
|
|
| 2009-07-02 |
Apple Safari 4.x JavaScript Reload Remote Crash Exploit
ID: 25
Verified
|
2499 |
|
|
| 2009-07-01 |
ARD-9808 DVR Card Security Camera (GET Request) Remote DoS Exploit
ID: 26
Verified
|
1043 |
|
|
| 2009-07-01 |
PEamp 1.02b (.M3U File) Local Buffer Overflow PoC
ID: 27
Verified
|
902 |
|
|
| 2009-06-29 |
SCMPX 1.5.1 (.m3u File) Local Heap Overflow PoC
ID: 28
Verified
|
884 |
|
|
| 2009-06-29 |
VideoLAN VLC Media Player 0.9.9 smb:// URI Stack BOF PoC
ID: 29
Verified
|
8049 |
|
|
| 2009-06-23 |
HP Data Protector 4.00-SP1b43064 Remote Memory Leak/Dos (meta)
ID: 30
Verified
|
1588 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2009-07-02 |
win32 xp-sp3 beep and exitprocess shellcode 28 bytes
ID: 31
Verified
|
1967 |
|
|
| 2009-06-29 |
linux/x86 reboot() polymorphic shellcode 57 bytes
ID: 32
Verified
|
1413 |
|
|
| 2009-06-29 |
linux/x86 execve shellcode generator null byte free
ID: 33
Verified
|
708 |
|
|
| 2009-06-22 |
linux/x86 Shellcode Polymorphic chmod("/etc/shadow",666) 54 bytes
ID: 34
Verified
|
2399 |
|
|
| 2009-06-18 |
netbsd/x86 kill all processes shellcode 23 bytes
ID: 35
Verified
|
1582 |
|
|
| 2009-06-16 |
solaris/x86 portbind/tcp shellcode generator
ID: 36
Verified
|
1279 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2009-07-02 |
[french] Petite Explication Du SQL INJECTION
ID: 37
Verified
|
1354 |
|
|
| 2009-06-30 |
Cracking The Air, The Other Way
ID: 38
Verified
|
2893 |
|
|
| 2009-06-30 |
[romanian] Vulnerabilitati Web si securizarea acestora v1.0
ID: 39
Verified
|
707 |
|
|
| 2009-06-29 |
Linux Hardening & Security (cP/WHM + Apache)
ID: 40
Verified
|
1893 |
|
|
| 2009-06-22 |
[french] Le Social Engineering : une attaque de persuasion
ID: 41
Verified
|
1609 |
|
|
| 2009-06-22 |
PE Infection - How to Inject a dll
ID: 42
Verified
|
3361 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2009-06-01 |
HTTP Parameter Pollution - Yahoo! Mail classic attack
ID: 43
Verified
|
11496 |
|
|
| 2009-05-20 |
IIS WebDAV Vulnerability in Action
ID: 44
Verified
|
12470 |
|
|
| 2009-05-12 |
How to bypass Mikrotik Hotspot Login Page
ID: 45
Verified
|
13173 |
|
|
| 2009-04-30 |
Desktop Phishing (The New Art of Phishing)
ID: 46
Verified
|
20148 |
|
|
| 2009-04-27 |
A textbook example of Blind SQL Injection
ID: 47
Verified
|
14549 |
|
|
| 2009-04-23 |
BeEF and PHProxy for web MITM with content modification
ID: 48
Verified
|
6049 |
|
| DATE | DESCRIPTION | PLATFORM | HITS | AUTHOR |
|---|---|---|---|---|
| 2023-11-10 |
University Database Pwned - Root Access Gained
ID: 50
Verified
|
9038 |
|
|
| 2023-10-25 |
Mass Defacement - 50+ Subdomains Compromised
ID: 51
Verified
|
12167 |
|
|
| 2023-10-18 |
Corporate Intranet Breached - Data Dump
ID: 52
Verified
|
21500 |
|
|
| 2023-09-05 |
E-commerce Platform SQLi to RCE - Full Takeover
ID: 53
Verified
|
9618 |
|
|
| 2023-08-22 |
Local ISP Router DNS Hijack Defacement
ID: 54
Verified
|
6813 |
|