C Exploits
3,625 exploits tracked across all sources.
Norman Security Suite 8 - 'nprosec.sys' Local Privilege Escalation
by Xst3nZ
Apple Mac OS X <10.6.7 - Privilege Escalation
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.
by hkpco
Linux Kernel < 2.6.37 - Information Disclosure via Uninitialized IPC Structures
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
by Jon Oberheide
Linux Kernel < 3.1 - Denial of Service via Performance Events Subsystem
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
by Vince Weaver
CVSS 5.5
DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal (ASLR + DEP Bypass)
by sickness
Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Kernel Mode Privilege Escalation
by MJ0011
NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflows
by Maksymilian Arciemowicz
IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution
by Tim Brown
xAurora 10.00 - 'RSRC32.dll' DLL Loading Arbitrary Code Execution
by Zer0 Thunder
Linux Kernel 2.6.28/3.0 (DEC Alpha Linux) - Local Privilege Escalation
by Dan Rosenberg
Linux Kernel < 2.6.39.3 - Race Condition in KSM scan_get_next_rmap_item
Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.
by Andrea Righi
Microsoft Windows Live Messenger 14 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution
by Kalashinkov3
Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences
by Stefan LE BERRE
libmodplug <0.8.8.3 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.
by epiphant
Help & Manual 5.5.1 Build 1296 - Privilege Escalation
Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information.
by LiquidWorm
Linux kernel <2.6.39 - Use After Free
Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250.
by anonymous
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
by Lufeng Li
NetBSD 4.0-5.1.1 - Memory Corruption
Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers.
by Tavis Ormandy
Apple Mac OS X <10.6.7 - Info Disclosure
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.
by Dan Rosenberg
Linux Kernel < 2.6.36.1 - Information Disclosure via TIOCGICOUNT ioctl
The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
by prdelka
Linux Kernel < 2.6.37 - Denial of Service via TCP_MAXSEG Setsockopt
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
by zx2c4