C Exploits

3,622 exploits tracked across all sources.

EIP-2026-117549 EXPLOITDB c
Microsoft Windows 10 - 'pcap' Driver Privilege Escalation
by Rootkitsmm
EIP-2026-119518 EXPLOITDB c
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow
by Ivan Ivanovic
CVE-2015-6306 EXPLOITDB c
Cisco AnyConnect Secure Mobility Client 4.1(8) - Privilege Escalation via Crafted Installation File
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.
by Yorick Koster
EIP-2026-116961 EXPLOITDB c
Cisco Sourcefire User Agent 2.2 - Insecure File Permissions
by Glafkos Charalambous
CVE-2013-1763 EXPLOITDB c
Linux Kernel < 3.4.34 - Local Privilege Escalation via Netlink Message Family Value
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by Vitaly Nikolenko
CVE-2014-4076 EXPLOITDB c
Microsoft Windows Server 2003 SP2 - Privilege Escalation
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
by Tomislav Paskalev
CVE-2013-5065 EXPLOITDB HIGH c
Microsoft Windows XP/Server 2003 - Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
by Tomislav Paskalev
CVSS 7.8
CVE-2015-3290 EXPLOITDB c
Linux kernel <4.1.6 - Privilege Escalation
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
by Andrew Lutomirski
CVE-2015-5477 EXPLOITDB c VERIFIED
ISC BIND 9.x <9.9.7-P2, 9.10.x <9.10.2-P3 - DoS
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
by Errata Security
CVE-2025-34124 EXPLOITDB HIGH c VERIFIED
Heroes of Might and Magic III - Buffer Overflow
A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.
by John AAkerblom
CVE-2015-1328 EXPLOITDB HIGH c VERIFIED
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by rebel
CVSS 7.8
EIP-2026-102894 EXPLOITDB c
Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation
by Hacker Fantastic
EIP-2026-102895 EXPLOITDB c
Linux Kernel (PonyOS 3.0) - VFS Permissions Local Privilege Escalation
by Hacker Fantastic
CVE-2015-1325 EXPLOITDB HIGH c
Apport <2.17.2-0ubuntu1.1, <2.14.70ubuntu8.5, <2.14.1-0ubuntu3.11, ...
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges.
by rebel
CVSS 7.0
CVE-2015-1674 EXPLOITDB c
Microsoft Windows < - Privilege Escalation
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
by 4B5F5F4B
CVE-2015-3456 EXPLOITDB c
QEMU < 2.3.0 - Memory Corruption via Floppy Disk Controller Commands
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
by Marcus Meissner
EIP-2026-102707 EXPLOITDB c VERIFIED
OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)
by Denis Andzakovic
CVE-2015-1100 EXPLOITDB c
Apple macOS X < 10.10.2 - Denial of Service via Out-of-Bounds Memory Access
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
by Maxime Villard
EIP-2026-100677 EXPLOITDB c
OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)
by nitr0us
CVE-2015-1635 EXPLOITDB CRITICAL c
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
by rhcp011235
CVSS 9.8
CVE-2015-1862 EXPLOITDB HIGH c VERIFIED
abrt < 2.2.0 - Local Privilege Escalation via Race Condition in Crash Reporting
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.
by Tavis Ormandy
CVSS 7.0
CVE-2015-1862 EXPLOITDB HIGH c VERIFIED
abrt < 2.2.0 - Local Privilege Escalation via Race Condition in Crash Reporting
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment.
by Tavis Ormandy
CVSS 7.0
CVE-2015-3315 EXPLOITDB HIGH c VERIFIED
ABRT raceabrt Privilege Escalation
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
by Tavis Ormandy
CVSS 7.8
CVE-2014-7822 EXPLOITDB c
Linux Kernel < 3.15.8 - Denial of Service via Splice System Call
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
by Emeric Nasi
CVE-2014-9322 EXPLOITDB HIGH c
Linux kernel <3.17.5 - Privilege Escalation
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
by Emeric Nasi
CVSS 7.8