C Exploits
3,632 exploits tracked across all sources.
Unix Shell < - Local File Overwrite
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
by t--zen
Beos - Resource Management Error
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
by phonix
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by sk8
secure_locate - Memory Corruption via Malformed Database File
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
by Michel Kaempf
Microsoft SQL Server and MSDE - Buffer Overflow in xp_showcolv Extended Stored Procedure
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
by David Litchfield
Microsoft SQL Server 2000-MSDE - Buffer Overflow
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
by @stake
Microsoft SQL Server and MSDE - Denial of Service and Remote Code Execution via xp_displayparamstmt Buffer Overflow
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
by David Litchfield
Solaris - Buffer Overflow via NETMGT_PROC_SERVICE Request
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
by Optyx
HP-UX 10.20 - Remote Code Execution via FTP PASS Command Format String
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
by venglin
phf - Buffer Overflow via MIME Header
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
by proton
IBM AIX - Buffer Overflow in setsenv Command
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
by Last Stage of Delirium
IBM AIX 4.3.x - Local Privilege Escalation via piobe Command Buffer Overflow
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
by Last Stage of Delirium
IBM AIX - Buffer Overflow in Digest Command
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
by Last Stage of Delirium
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by warning3
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by localcore
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation
by vade79
Red Hat Linux 6.2 - Privilege Escalation
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by mat
HP-UX - Remote Code Execution via wu-ftpd SITE EXEC Format String
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
by venglin
Perl 4.x and 5.x - Buffer Overflow in suidperl
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
by vade79
BSD 3.0 and 4.0 - Privilege Escalation via rcvtty Script Execution
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
by vade79
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by Solar Eclipse
By Source