Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts
CVE-2009-2629: nginx http module Buffer Underflow Remote Code Execution Vulnerability
Patch analysis, testcase, notes
CVE-2013-0007: Microsoft XML Core Services 4-6 Use-after-free Vulnerability
Vulnerability analysis, proof-of-concept exploit
Phrack paper
CVE-2014-4060: Microsoft Windows Media Center CSyncBasePlayer Use-After-Free Remote Code Execution Vulnerability
Analysis, testcase
CVE-2014-XXXX: Schneider Electric InduSoft Web Access Memory Corruption Vulnerability (multiple)
Testcases, analysis
Part of a winning competition entry: Hack the smart city 2014
CVE-2014-XXXX: Microsoft Office Word 2010 Memory Corruption Vulnerability
Testcases, notes
CVE-2015-2515: Windows Shell Use-after-free Remote Code Execution Vulnerability
Testcases
CVE-2016-0143: Microsoft Win32k Elevation of Privilege Vulnerability
Vulnerability root cause analysis
CVE-2016-0171: Microsoft Win32k Elevation of Privilege Vulnerability
Vulnerability root cause analysis
CVE-2017-XXXX: Jscript9 Type Confusion Remote Code Execution Vulnerability
Testcase
CVE-2017-FFFF: Windows Defender Javascript Use-after-free Vulnerability
Testcase
CVE-2018-0893: Microsoft Edge Type Confusion Vulnerability
Testcase, analysis, proof-of-concept exploit
CVE-2018-16845: nginx module mp4 Out Of Bounds Read Information Disclosure Vulnerability
TBD
CVE-2018-5144: Firefox ESR and Thunderbird Integer Overflow Remote Code Execution Vulnerability
Theoretical analysis
CVE-2018-5178: Firefox ESR and Thunderbird Buffer Overflow Remote Code Execution Vulnerability
Theoretical analysis
CVE-2018-6981: VMWare ESXi and Workstation Uninitialized Variable RCE
Patch analysis, testcase
CVE-2018-FFFF: Chromium ANGLE Uninitialized Variable RCE
Theoretical analysis
CVE-2018-XXXX: VirtualBox 3D Virtualization Memory Corruption Elevation of Privilege Vulnerability (multiple)
Analysis
CVE-2019-0717: Hyper-V vmswitch.sys Out of Bounds Read Vulnerability
Proof-of-concept testcase
CVE-2019-FFFF: nginx module njs Heap Buffer Overflow Vulnerability (multiple)
TBD
CVE.*XXXX: the CVE was assigned, but I don't know it
CVE.*FFFF: the CVE ID was never assigned
Alisa Esage, unless stated otherwise
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent