C++ Exploits
255 exploits tracked across all sources.
Live for Speed S1 and S2 - Buffer Overflow via Long User Name or Number Plate String
Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140.
by n00b
SAP DB - Remote Code Execution via Stack-Based Buffer Overflow in waHTTP.exe
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
by Heretic2
ESRI ArcSDE - Buffer Overflow via Long Parameters in Three-Tiered Configurations
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
by Heretic2
Acoustica MP3 CD Burner 4.32 - Buffer Overflow via ASX Playlist REF HREF Attribute
Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected.
by n00b
UltraISO <8.6.2.2011 - Buffer Overflow
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
by n00b
Microsoft Windows 2000 and 2003 Server - Remote Code Execution via Malformed ANI File
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
by devcode
FrontBase Relational Database Server < 4.2.7 - Authenticated Buffer Overflow via CREATE PROCEDURE
Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name.
by Heretic2
DaanSystems NewsReactor 20070220.21 - Stack-Based Buffer Overflow via yEnc Filename
Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.
by Marsu
NewsBin Pro 4.32 - Stack-Based Buffer Overflow via Long Filename in yEnc Article
Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information.
by Marsu
TurboFTP 5.30 Build 572 - Denial of Service via Newline Character Flood
TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.
by Marsu
TurboFTP <5.30 Build 572 - Buffer Overflow
Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) a long filename in a response to a LIST command, and (2) a long response to a CWD command.
by Marsu
Rhino Software, Inc. FTP Voyager <14.0.0.3 - Buffer Overflow
Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.
by Marsu
FTP Explorer < 1.0.1.52 - Denial of Service via Long PWD Response
FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.
by Marsu
SmartFTP 2.0.1002 - Buffer Overflow
Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner.
by Marsu
FlashFXP 3.4.0 build 1145 - Denial of Service via PWD Command Response
FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with a deeply nested directory structure, possibly due to a buffer overflow.
by Marsu
Microsoft Visual C++ - '.RC Resource Files' Local Buffer Overflow
by porkythepig
Microsoft HTML Help Workshop - Stack-based Buffer Overflow via Long HLP Field in OPTIONS Section
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.
by porkythepig
Microsoft HTML Help Workshop - Stack-Based Buffer Overflow via Crafted .cnt File
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
by porkythepig
Microsoft Internet Explorer 7 - DLL-load Hijacking Code Execution (PoC)
by Aviv Raff
Microsoft Windows <XP - Buffer Overflow
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
by S A Stevens
Microsoft Windows <XP - Buffer Overflow
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
by cocoruder
Kaspersky Labs Anti-Virus <6.0.0.303 - RCE
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via a crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
by Nanika