C Exploits
3,632 exploits tracked across all sources.
HP-UX B.11.00 and B.11.11 - Buffer Overflow via LANG Environment Variable
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.
by watercloud
Sun Cobalt RaQ 4 - Remote Code Execution via overflow.cgi Email Parameter
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
by grazer
Exim 3.x-3.36 and 4.x-4.10 - Authenticated Remote Code Execution via pid_file_path Format String
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
by Thomas Wana
Boozt Standard 0.9.8 - 'index.cgi' Buffer Overrun
by BrainStorm
Marcos Luiz Onisto Lib CGI 0.1 - Buffer Overflow in changevalue Function
Buffer overflow in the changevalue function in libcgi.h for Marcos Luiz Onisto Lib CGI 0.1 allows remote attackers to execute arbitrary code via a long argument.
by Xpl017Elz
Zeroo http_server 1.5 - Path Traversal via URL GET Request
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
by mikecc
MailEnable 1.5 015-1.5 018 - Denial of Service via Long USER String
MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow.
by redsand
LibHTTPD 1.2 - Buffer Overflow via Long HTTP POST Request
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
by Xpl017Elz
Light HTTPd 0.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by uid0x00
Light HTTPd 0.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Xpl017Elz
tracesroute - Buffer Overflow via Long WHOIS Response
Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.
by Carl Livitt
BIND 8.3.x-8.3.3 - Denial of Service via OPT Resource Record with Large UDP Payload
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
by spybreak
QNX RTOS 6.1.0 - Denial of Service via Timer Tick Manipulation
The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick.
by Pawel Pisarczyk
HP CIFS/9000 Client <= A.01.06 - Local Buffer Overflow via Long Command Parameters
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.
by watercloud
GlobalSunTech Access Point GL2422AP-0T - Information Disclosure
by Tom Knienieder
Abuse < 2.00 - Local Buffer Overflow via -net Command Line Argument
Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.
by Girish
Windows 2000 and NT 4.0 - Denial of Service via Malformed RPC Packet
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
by Trancer
Windows 2000 and NT 4.0 - Denial of Service via Malformed RPC Packet
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
by lion
ZoneAlarm Pro 3.0 and 3.1 - Denial of Service via SYN Flood
ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
by Abraham Lincoln
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by Serus
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by Serus
Windows HTML Help ActiveX Control Buffer Overflow RCE
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
by ipxodi
By Source