We don't intentionally hunt for vulnerabilities. The following ones are some of what we came across. Surely enough, we are not the only ones who found such holes. Many security researchers may have found the same holes at the same time or so.
Concerning with our disclosure policy, if a vulnerability is critical, we wait for vendor's released fix within an aceptable time frame before disclosure. If a vulnerability is not critical, we disclosure it to inform users and force vendors of affected applications to fix because vendors do not usually have the willingness to fix minor security flaws.

• Huawei Mobile Partner | Permission Weakness Local Privilege Escalation
  
  
• Multiple Windows Applications | Unencrypted Sensitive Information Storage in Memory
  
  
• zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
  
  
• smallftpd <= 1.0.3-fix | Connection Saturation Remote Denial of Service Vulnerability
  
  
• Dll Hijacking Archive
  Our DLL Hijacking findings in various applications (PDF reader, media player, office wares, secure wares like PGP, ...etc) with proof-of-concept dlls and demo videos.