C++ Exploits
255 exploits tracked across all sources.
IBM WebSphere eXtreme Scale <7.1.0.3-8.6.0.8 - CRLF Injection
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
by blomster81
CVSS 6.1
Windows 8.1, 10, RT 8.1, Server 2012 - Privilege Escalation via CSRSS Token Mismanagement
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
by Google Security Research
CVSS 7.8
Grassroots DICOM < 2.6.2 - Remote Code Execution via Crafted DICOM Header Dimensions
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.
by Stelios Tsampas
CVSS 10.0
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
by anonymous
CVSS 7.8
FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption
by Arash Allebrahim
QuickTime Player plugin 4.1.2 - Buffer Overflow via EMBED Tag HREF Parameter
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
by UNYUN
Calligra < 2.4.3 - Heap-Based Buffer Overflow in Microsoft Import Filter
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
by Charlie Miller
Microsoft Windows XP - 'win32k.sys' Local Kernel Denial of Service
by Lufeng Li
OpenDrive 1.3.141 - Local Password Disclosure
by Glafkos Charalambous
Sun Java System Web Server 7.0 Update 7 - Stack-Based Buffer Overflow via WebDAV OPTIONS Request
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
by dmc
Sun Java System Web Server 7.0 Update 7 - Stack-Based Buffer Overflow via WebDAV OPTIONS Request
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
by dmc
VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow
by fl0 fl0w
Rhino Software Serv-U Web Client 9.0.0.5 - Stack-Based Buffer Overflow via Long Session Cookie
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
by Megumi Yanagishita
Oracle Database <10.2.0.4 - Info Disclosure
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.
by Dennis Yurichev
EffectMatrix Magic Morph 1.95b - Stack-Based Buffer Overflow via .mor File
Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.
by fl0 fl0w
NaviCOPA Web Server 3.01 - Remote Buffer Overflow
by SimO-s0fT
HTML Email Creator & Sender 2.3 - Local Buffer Overflow (PoC) (SEH)
by fl0 fl0w
Embedthis Appweb 3.0b.2-4 - Remote Buffer Overflow (PoC)
by fl0 fl0w
Oracle Database Server <=11.1.0.7 - Remote Code Execution
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
by Dennis Yurichev
By Source