2011

Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 via a crafted XBM image (CVE-2011-0181) [Sample]

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 via a crafted embedded TrueType font (CVE-2011-0198) [Sample]

Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 via a CFString object (CVE-2011-0201) [Sample]

Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 via a crafted JPEG2000 image (CVE-2011-0205) [Sample]

Heap memory corruption in VLC (VideoLAN) via crafted USF subtitles in an MKV file (CVE-2011-0522)

2013

Hackabi (Matriculation Examination Board hacking contest) submission (CVE-2013-1446)

2014

ASUS router drive-by code execution via XSS and authentication bypass (CVE-2014-1225 et all) [PoC]

OS X Lock Screen Race Condition Security Vulnerability (CVE-2014-4438) [Video]

2015

QNAP QTS weak sessionid generation

2016

SilverCrest SWS-A1 Wi-Fi Power Socket multiple vulnerabilities (video)

Serious security threat in AfterPay bracelet payment

Inteno router CWMP Certificate Validation Vulnerability

Unauthenticated Remote Code Execution as root in NovaBACKUP DataCenter (Hiback) (CVE-2016-4898, CVE-2016-4899)

POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) [PoC]

Multiple Vulnerabilities (including RCE as root) in QNAP QTS 4.2.x [slides] [video]

2017

Multiple Vulnerabilities (including unauthenticated RCE as root) in QNAP QTS 4.2.x (CVE-2017-6361, CVE-2017-6360, CVE-2017-6359)

Multiple Vulnerabilities (including authenticated RCE as root) in Foscam cameras (full advisory release pending)

Unauthenticated Remote Code Execution as root in ...

Local Privilege Escalation to root in ...

...