C Exploits

3,632 exploits tracked across all sources.

CVE-2002-2370 EXPLOITDB c VERIFIED
SWS Simple Web Server 0.0.3, 0.0.4, 0.1.0 - Denial of Service via Missing URL Newline
SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service (crash) via a URL request that does not end with a newline.
by saman
CVE-2002-1506 EXPLOITDB c VERIFIED
Linuxconf - Buffer Overflow via LINUXCONF_LANG Environment Variable
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.
by David Endler
CVE-2002-1506 EXPLOITDB c VERIFIED
Linuxconf - Buffer Overflow via LINUXCONF_LANG Environment Variable
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.
by RaiSe
CVE-2002-1812 EXPLOITDB c VERIFIED
gdam 0.933 and 0.942 - Buffer Overflow via Long Filename Parameter
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.
by Netric Security
CVE-2002-0724 EXPLOITDB c VERIFIED
Microsoft Windows NT and Windows 2000 - Denial of Service via SMB_COM_TRANSACTION Packet
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
by Frederic Deletang
CVE-2002-1809 EXPLOITDB c VERIFIED
MySQL <3.23.52 - Privilege Escalation
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
by g0thm0g
CVE-2002-0851 EXPLOITDB c VERIFIED
isdn4linux - Local Privilege Escalation via Format String in ipppd Device Name Argument
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.
by Gobbles Security
CVE-2002-1230 EXPLOITDB c VERIFIED
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by Brett Moore
CVE-2002-1230 EXPLOITDB c VERIFIED
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by Oliver Lavery
CVE-2002-1230 EXPLOITDB c VERIFIED
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by Brett Moore
CVE-2002-1230 EXPLOITDB c VERIFIED
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by Brett Moore
CVE-2002-1230 EXPLOITDB c VERIFIED
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by Oliver Lavery
CVE-2002-1230 EXPLOITDB c VERIFIED
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
by sectroyer
CVE-2002-1414 EXPLOITDB c VERIFIED
qmailadmin - Local Privilege Escalation via QMAILADMIN_TEMPLATEDIR Environment Variable
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
by Thomas Cannon
EIP-2026-114739 EXPLOITDB c VERIFIED
Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String
by ghandi
CVE-2000-0284 EXPLOITDB c VERIFIED
University of Washington imapd 4.7 - Authenticated Buffer Overflow via LIST Command
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
by Gabriel A. Maggiotti
CVE-2002-0817 EXPLOITDB c VERIFIED
super for Linux - Privilege Escalation
Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.
by gobbles
CVE-2002-0082 EXPLOITDB c VERIFIED
Apache-SSL < 1.3.22+1.46 and mod_ssl < 2.8.7-1.3.23 - Remote Code Execution via Large Client Certificate
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
by spabam
CVE-2002-0658 EXPLOITDB c VERIFIED
OSSP mm <1.2.0 - Privilege Escalation
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
by Sebastian Krahmer
CVE-2002-0813 EXPLOITDB c VERIFIED
Cisco IOS 11.1-11.3 - Heap-Based Buffer Overflow via TFTP Long Filename
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
by FX
CVE-2002-1076 EXPLOITDB c VERIFIED
Ipswitch IMail - Buffer Overflow via Long HTTP GET Request
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.
by anonymous
CVE-2002-2306 EXPLOITDB c VERIFIED
KaZaA Media Desktop 1.7.1 - Denial of Service via Large Messages
Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to cause a denial of service (CPU consumption) by sending several large messages.
by Josh & omega
CVE-2002-1792 EXPLOITDB c VERIFIED
fake_identd 0.9-1.4 - Remote Code Execution via Long Request Split into Multiple Packets
Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets.
by Jedi/Sector
CVE-2002-0814 EXPLOITDB c VERIFIED
VMware GSX Server 2.0.0 build-2050 - Authenticated Buffer Overflow via Long GLOBAL Argument
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.
by Zag & Glcs
CVE-2002-0280 EXPLOITDB c VERIFIED
CodeBlue < 4 - Remote Code Execution via SMTP Reply Buffer Overflow
Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply.
by doe