C Exploits
3,632 exploits tracked across all sources.
Solaris 2.6-8 - Buffer Overflow via Xsun -co Argument
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
by gloomy
Oracle Database Server 8.1.5 - Buffer Overflow via Long Command Line Argument
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
by the itch
Linux kernel <2.2.20 & <2.4.18 - Path Traversal
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
by cliph
Progress Database 8.3D and 9.1C - Buffer Overflow via Multiple Executables
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
by kf
Trend Micro InterScan VirusWall HTTP proxy 3.6 - Open Redirect
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients.
by Jochen Thomas Bauer
Menasoft SPHERE server 0.99x and 0.5x - Unauthenticated Denial of Service via Connection Flood
Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.
by H Zero Seven
Galacticomm Worldgroup <= 3.20 - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.
by Limpid Byte
Galacticomm Worldgroup <= 3.20 - Buffer Overflow via FTP LIST Command
Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters.
by Limpid Byte
xtell < 1.91.1 and 2.x < 2.7 - Remote Code Execution via Buffer Overflow
Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.
by spybreak
Ecartis 1.0.0 - Buffer Overflow via Long Command Line Argument
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
by the itch
Ecartis 1.0.0 - Buffer Overflow via Long Command Line Argument
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
by the itch
Century Software TERM - Local Buffer Overflow via Long tty Argument
Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program.
by Haiku Hacker
Squid < 2.4_stable_3 - DoS and RCE via FTP URL with Excessive Special Characters
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
by gunzip
Apache HTTP Server - Directory Listing via Excessive Slash Characters
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
by st0ic
Phusion Web Server 1.0 - Buffer Overflow via Long HTTP Request
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
by Alex Hernandez
icecast <= 1.3.11 - Remote Code Execution via Long HTTP GET Request
Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client.
by dizznutt
Ettercap <= 0.6.3.1 - Remote Code Execution via Large Packet Buffer Overflow
Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.
by FermÃn J. Serna
SNMP - Denial of Service or Privilege Escalation via SNMPv1 Request Handling
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
by kundera
Apple QuickTime 5.01-5.02 - Remote Code Execution via Long Content-Type MIME Header
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.
by UNYUN
UnixWare 7.1.1 - Privilege Escalation
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.
by jGgM
hanterm 3.3.1 - Local Buffer Overflow via Long Argument
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
by xperc
hanterm 3.3.1 - Local Buffer Overflow via Long Argument
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
by Xpl017Elz
AtheOS 0.3.7 - Directory Traversal via Chroot Chdir Pathname
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.
by Jedi/Sector
Sambar Server 5.1 - Denial of Service and Possible Remote Code Execution via Long Argument to cgitest.exe
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
by Tamer Sahin
ICQ for macOS X 10.0-10.1.2 - Buffer Overflow via Long Request
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
by Stephen
By Source