IMMUNITY
CANVAS Early Updates
CANVAS Modules and Proof of Concepts
Latest Updates
- June 9, 2022 Confluence OGNL Injection RCE (CVE-2022-26134)
- June 7, 2022 OpenSSL's c_rehash local privilege escalation (CVE-2022-1292)
- June 7, 2022 Follina MSDT Remote Code Execution (CVE-2022-30190)
- June 2, 2022 Apache CouchDB local privilege escalation (CVE-2022-24706) for CouchDB versions < 3.2.2
- June 2, 2022 Zabbix SAML SSO Authentication Bypass RCE (CVE-2022-23131)
- May 5, 2022 Linux x_tables (xt_compat_target_from_user) privilege escalation (CVE-2021-22555)
- April 28, 2022 WSO2 Arbitrary File Upload Remote Code Execution
- April 15, 2022 Analysis Update for Linux Kernel TIPC LPE/RCE (CVE-2022-0435)
- March 16, 2022 Redis Lua Sandbox Escape RCE (CVE-2022-0543)
- March 15, 2022 Linux Polkit local privilege escalation (CVE-2021-4034) for pkexec versions <= 0.120
- February 15, 2022 TIPC Module Stack Overflow Vulnerability
- January 12, 2022 Grafana Pre-Auth Arbitrary File Reading Vulnerability
- January 6, 2022 Oracle WebLogic Unauthenticated RCE (CVE-2020-14882)
- December 17, 2021 Log4J Remote Code Execution
- December 16, 2021 VMware vCenter Server Web Client <= 7.0 - RCE
- December 16, 2021 VMware vCenter File Upload
- September 30, 2021 OMIGod
- September 30, 2021 DWM Remove Binding - LPE
- September 10, 2021 Serious_SAM
- June 3, 2021 SeImpersonationPrivilege - LPE (June 2021 Update)
- May 21, 2021 SharePoint Workflows - RCE
- May 10, 2021 WndExtra Out-of-Bounds - LPE
- May 10, 2021 Internet Explorer 11.0 MSHTML Double-Free
- March 29, 2021 vstrwrite01 - LPE (Update)
- March 26, 2021 vstrwrite01 - LPE
- March 1, 2021 Windows Service Tracing - LPE (March 2021 Update)
- February 17, 2021 Windows Service Tracing - LPE
- January 21, 2021 ZeroLogon
- January 14, 2021 Solaris 10 RCE (in libpam through SSH)
- September 18, 2020 SMBGhost - LPE (September 2020 Update)
- August 5, 2020 SMBGhost - RCE
- July 22, 2020 Microsoft Exchange Server Validation Key RCE
- June 2, 2020 SMBGhost - LPE
- May 22, 2020 SQL Server Reporting Services ViewState RCE (CVE-2020-0618)
- March 27, 2020 Menu Confusion - LPE
- February 14, 2020 Unpatched Windows 10 SSL Verification Bypass
- February 5, 2020 rConfig Unauthenticated RCE (CVE-2019-16662)
- January 29, 2020 Citrix ADC/Gateway Directory Traversal RCE (UPDATE)
- January 24, 2020 BLUEGATE - RD Gateway Crash PoC
- January 16, 2020 Citrix ADC/Gateway Directory Traversal RCE
- January 10, 2020 Ruby on Rails Arbitrary File Read
- January 10, 2020 Ruby on Rails ActiveStorage Deserialization
- November 21, 2019 Pre-Auth Code Exec in Jenkins < 2.138 (Linux Version)
- November 21, 2019 vBulletin < 5.5.4 - RCE
- November 14, 2019 Windows Error Reporting - LPE
- September 20, 2019 ALPC AppX Edge - LPE
- July 30, 2019 DDE Closehandle - LPE (CVE-2019-0803)
- June 14, 2019 Exim 4.85+ Remote Command Execution
- May 24, 2019 ALPC Takeover - LPE (May 2019 Update)
- April 25, 2019 ALPC Takeover - LPE
- April 23, 2019 Local Privilege Elevation in win32k UAF (CVE-2019-0623)
- March 19, 2019 Local Privilege Elevation in win32k UAF (CVE-2018-8453)
- February 22, 2019 Local Privilege Elevation in snapd API (dirty_sock) (CVE-2019-7304)
- January 16, 2019 Exim b64decode One-Byte-Overflow (CVE-2018-6789)
- January 9, 2019 Adobe Flash Player com.adobe.tvsdk.mediacore.metadata.Metadata Use-After-Free (CVE-2018-15982)
- December 6, 2018 WebLogic T3 Protocol Deserialization RCE (CVE-2018-2893)
- October 26, 2018 Misconfigured su/sudo Privilege Escalation
- October 19, 2018 Blueimp jQuery-File-Upload <= v9.22.0 - Arbitrary File Upload Vulnerability (CVE-2018-9206)
- September 17, 2018 Linux Kernel 4.18.x - Arbitrary Kernel Read into Dmesg LPE
- September 13, 2018 Struts2 RCE (CVE-2018-11776)
- September 13, 2018 JBoss <= 4.X Java Deserialization RCE
- August 28, 2018 OpenSSH User Enumeration (CVE-2018-15473)
- August 28, 2018 Linux Kernel Local Privilege Escalation (CVE-2017-18344)
- August 8, 2018 Windows SMB Remote Code Execution (MS17-010)
- August 2, 2018 SPECTRE Local Privilege Escalation (Windows Version)
- July 25, 2018 Waitid() - Linux Local Privilege Escalation for Kernels Between 4.13.0-rc1 and 4.13.4
- June 29, 2018 QC Marshal Interceptor Insecure COM Unmarshal LPE (CVE-2018-0824)
- June 14, 2018 settingcontent_ms (NO CVE)
- May 29, 2018 ETERNALBLUE - Windows SMB Remote Kernel Pool Overflow (CVE-2017-0143, May 2018 Update)
- May 4, 2018 Potato - SeImpersonationPrivilege to SYSTEM LPE (No CVE)
- March 30, 2018 Microsoft IIS - IIS Machinekey RCE (No CVE)
- March 30, 2018 Microsoft IIS - IIS Machinekey Backdoor Configuration Generator (NO CVE)
- March 30, 2018 Microsoft IIS - Windows 'My' Certificate Store Dumping Tool (NO CVE)
- March 23, 2018 Dell iDRAC8 - WebApp - RCE (CVE-2018-1207)
- March 23, 2018 SPECTRE Local Privilege Escalation (March 2018 Update)
- March 12, 2018 WPAD/PAC Exploit via JScript Heap Overflow
- March 1, 2018 HP iLO4 < 2.53 Remote Exploit (CVE-2017-12542)
- February 20, 2018 RMI (Remote Method Invocation) Scanner
- February 20, 2018 Java Remote Method Invocation Service Remote Code Execution
- February 1, 2018 SPECTRE Local Privilege Escalation (February 2018 Update)
- January 26, 2018 SPECTRE Local Privilege Escalation
- January 23, 2018 Struts2 Dynamic Method Invocation RCE (CVE-2016-3081)
- January 23, 2018 Oracle Forms 10g Unauthenticated Remote Code Execution (CVE-2014-4278)
- January 3, 2018 CouchDB Admin User Injection and RCE v1.x and v2.x (CVE-2017-12635)
- December 22, 2017 GoAhead HTTPD Remote Code Execution update: ARM support added (CVE-2017-17562)
- December 20, 2017 ETERNALBLUE exploit implementation for CANVAS, Windows SMB Remote Kernel Pool Overflow (CVE-2017-0143)
- December 20, 2017 HP iMC Plat 7.2 dbman Remote Code Execution
- December 19, 2017 GoAhead HTTPD Remote Code Execution (CVE-2017-17562)
- December 14, 2017 CouchDB Admin User Injection and RCE v1.x (CVE-2017-12635)
- November 14, 2017 Updated Microsoft Word DDEAUTO Macro-less Code Execution (NO CVE)
- November 6, 2017 Updated Microsoft Word DDEAUTO Macro-less Code Execution (NO CVE)
- November 6, 2017 Microsoft Word DDEAUTO Macro-less Code Execution (NO CVE)
- October 24, 2017 Updated exploit for Emacs Enriched Mime-type Handler Arbitrary ELISP Execution (CVE-2017-14482)
- October 17, 2017 Updated exploit Microsoft Office Moniker/WSDL C# Injection (CVE-2017-8759, CVE-2017-8570)
- October 13, 2017 Microsoft Office Moniker/WSDL C# Injection (CVE-2017-8759, CVE-2017-8570)
- September 21, 2017 Emacs Enriched Mime-type Handler Arbitrary ELISP Execution (CVE-2017-14482)
- September 18, 2017 Symantec Brightmail Pre-Auth Command Injection (CVE-2017-6327)
- August 5, 2017 Updated PoC for SMBLORIS (SMBv1 memory exhaustion) attack
- August 2, 2017 PoC for SMBLORIS (SMBv1 memory exhaustion) attack
- July 25, 2017 CVE-2017-8464 - LNK PoC
- June 30, 2017 CVE-2017-3623 - Generic remote root on Solaris 10 RPC services (June 2017 update)
- May 25, 2017 CVE-2017-3623 - Generic remote root on Solaris 10 RPC services
- April 24, 2017 IIS6 PROPFIND ScStoragePathFromUrl Stack Buffer Overflow (CVE-2017-7269)
- April 19, 2017 PHP Deserialization on Drupal 7.x with Services Module version prior to 3.19
- March 23, 2017 SDCLT UAC Bypass
- March 21, 2017 Apache Struts S2-045 OGNL Remote JAR Execution
- March 2, 2017 MS16-111 NtLoadKeyEx COM TypeLib Hijack
- January 19, 2017 Jetbrains IDE Remote Code Execution through built-in webservers
- January 19, 2017 Inject MOSDEF
- January 19, 2017 Ubuntu Apport Crash Handler Remote Code Execution
- November 9, 2016 Full CANVAS exploits for CVE-2016-7255 (MS16-135)
- October 24, 2016 v0.3 (uni-processor support, increased race stability, automated recovery, no suid bin overwrite needed) full exploit chain for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- October 21, 2016 v0.2 (system stability assurance, will survive sync) of full exploit chain for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- October 20, 2016 v0.1 of full exploit chain for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- October 20, 2016 Write to root-owned file trigger for CVE-2016-5195 (Linux Kernel FOLL_WRITE gup COW vuln)
- August 24, 2016 Windows <= 10 Event Viewer UAC Bypass
- July 22, 2016 Badtunnel (MS16-077) - NetBios Name Resolver TXID Leak and NAT Hole Puncher
- June 1, 2016 CVE-2016-2098 (Rails ActionPack Render RCE)
- May 20, 2016 Binderx Module
- May 5, 2016 MS16-032 Seclogon thread handle leak
- May 5, 2016 airOS Remote Write
- April 12, 2016 SAP Netweaver Business Intelligence 7.5-and-prior P4
- March 23, 2016 CEU: exploit for CVE-2016-1757, Mac OSX Local Root Privilege Escalation
- March 9, 2016 jenkins_jrmp_deserialize
- March 5, 2016 ms16_006_silverlight
- February 17, 2016 vrealize_vcofactory_deserialize
- February 11, 2016 AlienVault Alarm Deserialization
- January 22, 2016 weblogic_t3_deserialization
- January 14, 2016 jenkins_cli_deserialization
- December 16, 2015 jboss6_jmxinvokeerservlet_deserialize
- November 16, 2015 firefox_pdfjs_file_reader
- November 13, 2015 vbulletin_preauth_decodeArguments
- August 27, 2015 osx_rootpipe2
- August 24, 2015 ESET Personal Firewall (EpFwNDIS.sys)
- June 9, 2015 Adobe Flash Player v9 - 17.0.0.169 Apply Integer Overflow
- June 7, 2015 ms15_051.tar.gz
- May 5, 2015 ProFTPd 1.3.5 Remote File Copy (CVE-2015-3306)
- April 28, 2015 CVE-2015-1427 - Elasticsearch RCE (Groovy sandbox bypass)
- April 27, 2015 MS14_070 Privilege Escalation
- April 23, 2015 OS X XPC Admin Framework (rootpipe) privilege escalation
- April 14, 2015 MS15-034 trigger
- March 20, 2015 Microsoft Windows Shell LNK Code (CVE-2015-0096)
- March 19, 2015 Windows Unicorn MS14-64
- March 10, 2015 Misfortune Cookie exploit (CVE-2014-9222)
- January 20, 2015 IOHIKeyboardMapper::parseKeyMapping() kheap overflow exploit
- December 16, 2014 MS14-068 - Kerberos Elevation of Privilege
- December 5, 2014 Sandworm - MS14-060 - Windows OLE Remote Code Execution Vulnerability
- November 14, 2014 MS14-066 TLS default remote heap overflow trigger
- November 13, 2014 Futex Requeue Privilege Escalation Exploit [Update]
- October 13, 2014 Adobe Flash CopyPixeltoByteArray Exploit
- September 25, 2014 Bash code injection exploit (CVE-2014-6271)
- August 19, 2014 l2p PPP vulnerability (CVE-2014-4943)
- August 11, 2014 Futex Requeue Privilege Escalation Exploit x86 0.1
- July 30, 2014 Windows mqac.sys Local Privilege Escalation (CVE-2014-4971)
- July 15, 2014 Firefox nsSVGValue vulnerability (CVE-2011-3658)
- April 14, 2014 phpinfo & local file inclusion
- April 14, 2014 Horde Framework 5.1.1 _formvars unserialize() PHP code injection
- March 27, 2014 IE10_CMarkup
- February 26, 2014 Local root exploit for Linux x32 recvmmsg() (CVE-2014-0038)
- February 12, 2014 CardSpaceClaimCollection (MS13_090)
- February 7, 2014 Oracle VirtualBox Hypervisor escape (CVE-2013-5892)
- January 30, 2014 NDProxy.sys exploit (CVE-2013-5065)