C Exploits

3,632 exploits tracked across all sources.

CVE-2001-1009 EXPLOITDB c VERIFIED
fetchmail < 5.8.17 - Memory Corruption via Negative LIST Response Index
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
by Salvatore Sanfilippo -antirez-
CVE-2001-1009 EXPLOITDB c VERIFIED
fetchmail < 5.8.17 - Memory Corruption via Negative LIST Response Index
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
by Sanfillipo antirez
CVE-2001-1259 EXPLOITDB c VERIFIED
Avaya Argent Office - Denial of Service via UDP Packet to Port 53
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
by Jacek Lipkowski
CVE-2001-0941 EXPLOITDB c VERIFIED
Oracle Database Server 8.0.6-9.0.1 - Buffer Overflow via ORACLE_HOME Environment Variable
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.
by Juan Manuel Pascual Escribá
CVE-2001-0833 EXPLOITDB c VERIFIED
Oracle Database Server < 9.0.1 - Buffer Overflow via ORACLE_HOME Environment Variable
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
by Juan Manuel Pascual Escribá
CVE-2001-1036 EXPLOITDB c VERIFIED
GNU locate in findutils <4.1 - Privilege Escalation
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
by Josh Smith
CVE-2001-0548 EXPLOITDB c VERIFIED
Solaris 2.6 and 7 - Buffer Overflow via MAIL Environment Variable
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
by NSFOCUS Security Team
EIP-2026-100684 EXPLOITDB c VERIFIED
FreeBSD - '/usr/bin/top' Format String
by truefinder
CVE-2001-0499 EXPLOITDB c VERIFIED
Oracle8i < 8.1.7 - Remote Buffer Overflow via TNS Listener Commands
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
by benjurry
CVE-2001-1354 EXPLOITDB c VERIFIED
NetWin Authentication module - Info Disclosure
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
by byterage
CVE-2001-0554 EXPLOITDB c VERIFIED
MIT Kerberos - Remote Code Execution via Malformed Telnet AYT Option
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
by Dvorak
EIP-2026-115424 EXPLOITDB c VERIFIED
ID Software Quake 3 - 'SMURF' Denial of Service
by Andy Gavin
CVE-1999-1569 EXPLOITDB c VERIFIED
Quake - Denial of Service via Spoofed UDP Connection Packet Flood
Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.
by Andy Gavin
EIP-2026-102998 EXPLOITDB c VERIFIED
Slackware 7.0/7.1/8.0 - Manual Page Cache File Creation
by josh
CVE-2003-0757 EXPLOITDB c VERIFIED
Check Point FireWall-1 <4.1 - Info Disclosure
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.
by Jim Becher
CVE-2001-0989 EXPLOITDB c VERIFIED
Pileup - Local Buffer Overflow via Long Command Line Arguments or Callsign
Buffer overflows in Pileup before 1.2 allow local users to gain root privileges via (1) long command line arguments, or (2) a long callsign.
by Charles Stevenson
CVE-2001-1142 EXPLOITDB c VERIFIED
ArGoSoft FTP Server <1.2.2.2 - Privilege Escalation
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
by byterage
CVE-2001-0735 EXPLOITDB c VERIFIED
cfingerd <= 1.4.3 - Buffer Overflow via Long Line in .nofinger File
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
by Megyer Laszlo
CVE-2001-0735 EXPLOITDB c VERIFIED
cfingerd <= 1.4.3 - Buffer Overflow via Long Line in .nofinger File
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
by qitest1
CVE-2001-0775 EXPLOITDB c VERIFIED
xli 1.16-1.17 - Buffer Overflow via FACES Format Image Long Name Field
Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.
by zenith parsec
CVE-2001-1177 EXPLOITDB c VERIFIED
Samsung ML-85G GDI <0.2.0 - Local Privilege Escalation
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
by Charles Stevenson
CVE-2001-1244 EXPLOITDB c VERIFIED
TCP MSS Handling - Amplified Traffic Denial of Service
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
by Darren Reed
CVE-2001-1085 EXPLOITDB c VERIFIED
Lmail <2.7 - Local Privilege Escalation
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
by Charles Stevenson
CVE-2001-1561 EXPLOITDB c VERIFIED
Xvt 2.1 - Local Buffer Overflow via Long -name or -T Arguments
Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.
by Christophe Bailleux
EIP-2026-102810 EXPLOITDB c VERIFIED
CylantSecure 1.0 - Kernel Module Syscall Rerouting
by Juergen Pabel