C Exploits

3,550 exploits tracked across all sources.

EIP-2026-102665 EXPLOITDB c VERIFIED
Linux SELinux - W+X Protection Bypass via AIO
by Google Security Research
CVE-2016-6828 EXPLOITDB MEDIUM c
Linux Kernel < 4.7.4 - Use After Free
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
by Marco Grassi
CVSS 5.5
CVE-2015-0235 GITHUB c
Exim GHOST (glibc gethostbyname) Buffer Overflow
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
by gitcollect
CVE-2013-1775 GITHUB c
Mac OS X Sudo Password Bypass
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
by gitcollect
CVE-2013-0292 GITHUB c
Freedesktop Dbus-glib < 0.100 - Improper Input Validation
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
by gitcollect
CVE-2012-4412 GITHUB c
GNU Glibc < 2.17 - Numeric Error
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
by gitcollect
CVE-2007-3048 GITHUB c
GNU screen <4.0.3 - Info Disclosure
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
by gitcollect
CVE-2005-3120 GITHUB CRITICAL c
Lynx <2.8.6 - Buffer Overflow
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
by gitcollect
CVSS 9.8
EIP-2026-102558 EXPLOITDB c VERIFIED
AppArmor securityfs < 4.8 - 'aa_fs_seq_hash_show' Reference Count Leak
by Google Security Research
CVE-2016-6253 EXPLOITDB HIGH c VERIFIED
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
by akat1
CVSS 7.8
EIP-2026-103355 EXPLOITDB c
Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation
by Vitaly Nikolenko
EIP-2026-102833 EXPLOITDB c
Exim 4 (Debian 8 / Ubuntu 16.04) - Spool Privilege Escalation
by halfdog
EIP-2026-103354 EXPLOITDB c VERIFIED
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter 'target_offset' Out-of-Bounds Privilege Escalation
by vnik
EIP-2026-114931 EXPLOITDB c
Armadito Antimalware - Backdoor Access/Bypass
by Ax.
CVE-2016-1819 EXPLOITDB HIGH c VERIFIED
Apple iOS <9.3.2 - Use After Free
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
by Google Security Research
CVSS 7.8
CVE-2016-1823 EXPLOITDB HIGH c VERIFIED
Apple iOS <9.3.2 - RCE/DoS
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
by Google Security Research
CVSS 7.8
CVE-2016-1846 EXPLOITDB HIGH c VERIFIED
NVIDIA Graphics Drivers <10.11.5 - RCE/DoS
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2016-1821 EXPLOITDB HIGH c VERIFIED
IOAudioFamily <10.11.5 - RCE/DoS
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2016-1794 EXPLOITDB HIGH c VERIFIED
Apple OS X <10.11.5 - RCE/DoS
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2016-1793 EXPLOITDB HIGH c VERIFIED
Apple OS X <10.11.5 - RCE/DoS
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2016-1813 EXPLOITDB HIGH c VERIFIED
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2016-1803 EXPLOITDB HIGH c VERIFIED
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - RCE/DoS
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
by Google Security Research
CVSS 7.8
CVE-2016-1861 EXPLOITDB HIGH c VERIFIED
Apple OS X <10.11.5 - RCE
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
by Google Security Research
CVSS 7.8
CVE-2016-1807 EXPLOITDB MEDIUM c VERIFIED
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - Info Disclosure
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
by Google Security Research
CVSS 5.1
CVE-2016-1887 EXPLOITDB HIGH c
FreeBSD <10.1p34, <10.2p17, <10.3p3 - DoS
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
by CTurt
CVSS 7.8