C Exploits
3,631 exploits tracked across all sources.
eServ 2.9x - Denial of Service via Memory Leak
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
by rash
Borland InterBase 6.0 - Local Buffer Overflow via INTERBASE Environment Variable
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
by bob
Kerio Personal Firewall <2.1.4 - RCE
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
by Burebista
leksbot 1.2.3 - Privilege Escalation
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.
by gunzip
MySQL 3.20-4.1.0 - Weak Password Hashing
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
by Secret Squirrel
RealNetworks Helix Universal Server 9.0.2.768 - Remote Code Execution via RTSP/HTTP Request Buffer Overflow
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
by Johnny Cyberpunk
Kerio Personal Firewall <2.1.4 - RCE
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
by ThreaT
Sendmail - Buffer Overflow in prescan Address Parser
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
by bysin
OpenSSH < 3.6.1 - Username Enumeration via PAM Timing Attack
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
by Maurizio Agazzini
MDG Web Server 4D 3.6 - HTTP Command Buffer Overflow
by badpack3t
Pi3Web 2.0.1 - Buffer Overflow via GET Request with Excessive Slashes
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
by aT4r
Qualcomm qpopper <4.05 - Code Injection
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
by Xpl017Elz
Pi3Web 2.0.1 - Buffer Overflow via GET Request with Excessive Slashes
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
by Angelo Rosiello
PoPToP PPTP Server - Denial of Service via Invalid Control Packet Length
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
by blightninjas
Options Parsing Tool <3.18 - Buffer Overflow
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
by kf
Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC)
by badpack3t
XMB Forum 1.8 - 'member.php' SQL Injection
DirectoryServices - Local Command Execution
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
by Neeko Oni
PoPToP PPTP Server - Denial of Service via Invalid Control Packet Length
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
by einstein
Linux kernel <2.2.25-2.4.21 - Privilege Escalation
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
by KuRaK
By Source