C Exploits
3,631 exploits tracked across all sources.
wireless_tools - Buffer Overflow via Long OUT Environment Variable
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
by heka
Winace UnAce 2.2 - Command Line Argument Buffer Overflow (2)
by Li0n7
Winace UnAce 2.2 - Command Line Argument Buffer Overflow (1)
by demz
Hylafax <= 4.1.7 - Remote Code Execution via Format String Vulnerability
Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.
by Sebastian Krahmer
EPIC IRC Client <2.002-0 - DoS/Code Injection
EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.
by Li0n7
Windows 2000 SP3-SP4 - Denial of Service and Privilege Escalation via RPC DCOM Interface
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
by ins1der
TerminatorX 3.8 - Multiple Command-Line and Environment Buffer Overrun Vulnerabilities (3)
by m00 security
TerminatorX 3.8 - Multiple Command-Line and Environment Buffer Overrun Vulnerabilities (2)
by Bobby
TerminatorX 3.8 - Multiple Command-Line and Environment Buffer Overrun Vulnerabilities (1)
by c0wboy
OpenBSD 3.3-3.4 - Denial of Service and Possible Remote Code Execution via Invalid Program Header
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.
by Scott Bartram
Help in NIPrint LPD-LPR Print Server <4.10 - Privilege Escalation
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
by xCrZx
OpenBSD 2.x/3.x - Local Malformed Binary Execution Denial of Service
by Georgi Guninski
cfengine 2.x - Remote Code Execution via Modified Packet Length Values
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
by snooq
NullSoft Shoutcast Server 1.9.2 - Denial of Service via Long icy-name or icy-url Parameters
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
by exworm
mathopd 1.2-1.5b13 - Buffer Overflow via Long HTTP Path
Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path.
by aion
BRS WebWeaver <= 1.06 - Buffer Overflow via Long User-Agent Header
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
by D4rkGr3y
fileutils - Denial of Service via Large -w Value
ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.
by Angelo Rosiello
Croteam Serioussam - Denial of Service
Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter.
by Luigi Auriemma
KPopup 0.9.1 - Privilege Escalation
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
by b0f
Solaris 2.6-9 - Local Privilege Escalation via LD_PRELOAD Environment Variable
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
by osker178
thttpd 2.21-2.23b1 - Remote Code Execution via Defang Buffer Overflow
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
by d3ck4
CVSS 9.8
wireless_tools - Buffer Overflow via Long OUT Environment Variable
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
by NrAziz
wireless_tools - Buffer Overflow via Long OUT Environment Variable
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
by axis
musicqueue 1.2.0 - Arbitrary File Overwrite via Symlink Attack on Crash File
Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.
by dong-h0un U
Musicqueue 1.2.0 - Buffer Overflow via Long Language Variable in Configuration File
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
by dong-h0un U
By Source