C++ Exploits
255 exploits tracked across all sources.
Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer Overflow
by Arabteam2000
RealNetworks RealPlayer <6.0.12.1056 - Buffer Overflow
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
by nolimit
Foxmail Email Server 2.0 - Remote Code Execution via Long USER Command
Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.
by Swan
bfriendly.com/einstein < 1.0.1 - Plaintext Credential Storage in Registry
Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges.
by Kozan
Avaya IP Office Phone Manager - Info Disclosure
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
by Adrian _pagvac_ Pastor
PeerFTP_5 - Plaintext Password Storage in PeerFTP.ini
PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges.
by Kozan
MSN Messenger - '.png' Image Buffer Overflow Download Shellcode
by ATmaCA
Windows NT/2000/XP/2003 - Remote Code Execution via Animated Cursor Length Field
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
by Vertygo
NodeManager Professional 2.00 - Remote Code Execution via Long OCTET-STRING in LinkDown-Trap Packet
Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field.
by Tan Chew Keong
Apple iTunes - Playlist Buffer Overflow Download Shellcode
by ATmaCA
Windows 2000/2003 - Privilege Escalation
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
by Cesar Cerrudo
GNU Mailutils < 0.6.90 - Remote Code Execution via Crafted Email Header
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
by infamous41md
Symantec Gateway Security - DNS Cache Poisoning
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
by fryxar
Windows NT-Server 2003 - Buffer Overflow
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
by Brett Moore
Microsoft Windows XP/2000/2003 - Message Queuing Service Heap Overflow
by DaveK
EarthStation 5 - Search Service Remote File Deletion
by random nut
Microsoft SQL Server and MSDE - Denial of Service via Long Named Pipe Request
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
by refdom
Microsoft SQL Server 2000 and MSDE 2000 - Remote Code Execution via UDP Port 1434
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
by David Litchfield
Koules 1.4 - Buffer Overflow via Long Command Line Argument
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.
by Synnergy.net
Microsoft Office 2000 - Code Injection
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLLs such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
by Georgi Guninski
Windows 2000 - Local Privilege Escalation via Still Image Service WM_USER Message
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
by dildog