C Exploits

3,622 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-5207 EXPLOITDB c
Linux Kernel < 3.16.1 - Privilege Escalation via Bind Mount Remount
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
by Andy Lutomirski
EIP-2026-103357 EXPLOITDB c
OpenSSH < 6.6 SFTP (x64) - Command Execution
by Jann Horn
CVE-2014-6437 EXPLOITDB CRITICAL c VERIFIED
Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Sensitive Information Exposure via ROM File
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
by Eric Fajardo
CVSS 9.8
CVE-2014-5119 EXPLOITDB c VERIFIED
glibc < 2.20 - Denial of Service and Remote Code Execution via CHARSET Environment Variable
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
by taviso & scarybeasts
CVE-2014-4699 EXPLOITDB c
Linux kernel <3.15.4 - Privilege Escalation
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
by Vitaly Nikolenko
CVE-2014-4014 EXPLOITDB c VERIFIED
Linux kernel <3.14.8 - Privilege Escalation
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
by Vitaly Nikolenko
EIP-2026-102821 EXPLOITDB c VERIFIED
Docker 0.11 - VMM-Container Breakout
by Sebastian Krahmer
CVE-2013-0292 EXPLOITDB c
dbus-glib < 0.100 - Privilege Escalation via Spoofed NameOwnerChanged Signal
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
by Sebastian Krahmer
CVE-2013-2094 EXPLOITDB HIGH c VERIFIED
Linux Kernel < 3.0.75 - Local Privilege Escalation via perf_event_open System Call
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
by Vitaly Nikolenko
CVSS 8.4
CVE-2014-1739 EXPLOITDB c VERIFIED
Linux kernel <3.14.6 - Info Disclosure
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
by Salva Peiro
CVE-2014-0196 EXPLOITDB MEDIUM c
Linux Kernel < 3.14.3 - Denial of Service and Privilege Escalation via Race Condition in n_tty_write
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
by Matthew Daley
CVSS 5.5
EIP-2026-115783 EXPLOITDB c VERIFIED
Microsoft Windows - Touch Injection API Local Denial of Service
by Tavis Ormandy
CVE-2014-1849 EXPLOITDB c VERIFIED
Foscam IP Camera Firmware - Predictable Credential Generation in DynDNS Feature
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam DNS server.
by Sergey Shekyan
CVE-2013-5211 EXPLOITDB c
NTP Monitor List Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
by Danilo PC
CVE-2014-1322 EXPLOITDB c VERIFIED
macOS < 10.9.2 - Unprotected Kernel Pointer Exposure via XNU Object Attribute
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
by Ian Beer
CVE-2014-2851 EXPLOITDB c
Linux Kernel < 3.14.1 - Use-After-Free in ping_init_sock
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
by Thomas Pollet
EIP-2026-101444 EXPLOITDB c
Sercomm TCP/32674 - Backdoor Reactivation
by Synacktiv
EIP-2026-104578 EXPLOITDB c
Apple Mac OSX (Lion) Kernel xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Local Privilege Escalation
by Kenzley Alphonse
CVE-2013-6799 EXPLOITDB c
Apple Mac OS X 10.9 - Denial of Service via Hard Link to Directory
Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.
by Maksymilian Arciemowicz
EIP-2026-115431 EXPLOITDB c
Immunity Debugger 1.85 - Stack Overflow (PoC)
by Veysel HATAS
EIP-2026-114689 EXPLOITDB c
QNX 6.5.0 x86 phfont - Local Privilege Escalation
by cenobyte
EIP-2026-114688 EXPLOITDB c
QNX 6.5.0 x86 io-graphics - Local Privilege Escalation
by cenobyte
CVE-2013-6282 EXPLOITDB HIGH c
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
by Piotr Szerman
CVSS 8.8
CVE-2008-1461 EXPLOITDB c VERIFIED
XnView 1.92.1 - Buffer Overflow via Long Filename Argument
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
by Sylvain THUAL
CVE-2014-0038 EXPLOITDB c VERIFIED
Linux Kernel recvmmsg Privilege Escalation
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
by rebel
By Source
All 3,622 Writeup 62,043 Exploitdb 50,076 Nomisec 22,336 Github 3,517 Metasploit 3,299 Vulncheck_xdb 927 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,515 ruby 5,989 c 3,622 perl 2,849 html 2,072 php 1,332 bash 462 java 370 c++ 257 javascript 228 shell 130 go 72 postscript 25 typescript 25