Here are the Exploits and Papers I have written over the past years since 2004. Enjoy!

Download the whole list in a package

Zeroday Exploits

None for now - come back to get the latest zerodays.


Remote Exploits

[+] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit

[+] Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit

[+] Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit

[+] SunOS 5.10 Sun Cluster rpc.metad Denial of Service PoC

[+] SunOS 5.10 Remote ICMP Kernel Crash Exploit

[+] Jakarta Slide <= 2.1 RC1 Remote File Disclosure Exploit

[+] Microsoft IIS 6.0 (/AUX/.aspx) Remote Denial of Service Exploit

[+] Sendmail with clamav-milter < 0.91.2 Remote Root Exploit

[+] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit

[+] Apache Tomcat (webdav) Remote File Disclosure Exploit

[+] SunOS 5.10/5.11 in.telnetd Remote Authentication Bypass Exploit

[+] GNU InetUtils ftpd 1.4.2 (ld.so.preload) Remote Root Exploit

[+] NetBSD FTPd / tnftpd Remote Stack Overflow PoC

[+] Mercury SMTPD Remote Preauth Stack Based Overrun PoC

[+] Microsoft Excel Unicode Local Overflow Exploit PoC

[+] QBik Wingate 6.1.1.1077 (POST) Remote Buffer Overflow Exploit

[+] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit

[+] Mercury Mail Transport System 4.01b Remote Exploit (PH SERVER)

[+] linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit

[+] WzdFTPD <= 0.5.4 Remote Command Execution Exploit

[+] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit

[+] eMule <= 0.42d IRC Remote Buffer Overflow Exploit

Local Exploits

[+] FreeBSD (4.x , < 5.4) master.passwd Disclosure Exploit

[+] Qpopper <= 4.0.8 (poppassd) Local Root Exploit (linux)

[+] Qpopper <= 4.0.8 (poppassd) Local Root Exploit (freebsd)

Papers

[+] Breaking the Windows Server 2003 SP2 Stack

[+] Simple Web-Hacking Techniques

[+] Writeup about source code auditing: How to break code by reading it