Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.

53 bytes small Linux/x86_x64 sys_creat("ajit", 0755) shellcode.

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

Ac4p.com Gallery version 1.0 suffers from cross site scripting, phpinfo disclosure, shell upload, and insecure cookie handling vulnerabilities.

Denapars Shop Script suffers from administrative bypass, shell upload, and insecure cookie handling vulnerabilities.

Memorial Web Site Script suffers from password reset and insecure cookie handling vulnerabilities.

Paddelberg Topsite Script version 1.2.3 suffers from an authentication bypass vulnerability due to insecure cookie handling.

An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.

Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.

Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019.

Microsoft Windows 7 (x86) BlueKeep remote desktop protocol windows kernel use-after-free exploit.

Microsoft Teams Instant Messenger application on Windows 7 SP1 fully patched is vulnerable to remote DLL hijacking.

9 bytes small Microsoft Windows 7 screen locking shellcode.

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.pipeWindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on Windscribe versions 1.80 and 1.81 on Windows 7 SP1 (x64).

School ERP System version 1.0 suffers from a cross site request forgery vulnerability.

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

Online Job Portal version 1.0 suffers from a cross site request forgery vulnerability.

SOPlanning version 1.45 suffers from a cross site request forgery vulnerability.

Ice HRM version 26.2.0 suffers from a cross site request forgery vulnerability.

Easy2Pilot version 7 suffers from a cross site request forgery vulnerability.

CandidATS version 2.1.0 suffers from a cross site request forgery vulnerability.

Easy2Pilot version 8 suffers from remote SQL injection, backdoor account, and cross site request forgery vulnerabilities.

Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.

WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.

Wing FTP Server version 2.3 suffers from a cross site request forgery vulnerability.

HRSALE version 1.1.8 suffers from a cross site request forgery vulnerability.

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.