C Exploits

3,625 exploits tracked across all sources.

CVE-2008-5736 EXPLOITDB c
FreeBSD 6-7 - Privilege Escalation via Uninitialized Function Pointers
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.
by zx2c4
EIP-2026-116671 EXPLOITDB c VERIFIED
.NET Runtime Optimization Service - Local Privilege Escalation
by XenoMuta
CVE-2011-0762 EXPLOITDB c VERIFIED
vsftpd < 2.3.3 - Authenticated Denial of Service via Glob Expression in STAT Command
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
by Maksymilian Arciemowicz
CVE-2011-1082 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.38 - Denial of Service via epoll File Descriptor Chaining
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
by Nelson Elhage
CVE-2011-1083 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.37.2 - Denial of Service via epoll File Descriptor Tree Traversal
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
by Nelson Elhage
CVE-2010-4165 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.37 - Denial of Service via TCP_MAXSEG Setsockopt
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
by prdelka
CVE-2011-0045 EXPLOITDB c VERIFIED
Microsoft Windows XP SP3 - Buffer Overflow
The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."
by Nikita Tarakanov
CVE-2011-1071 EXPLOITDB c
GNU C Library < 2.12.2 and Embedded GLIBC - Remote Code Execution via Long UTF8 String in fnmatch
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.
by Simon Berry-Byrne
EIP-2026-117029 EXPLOITDB c
DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM
by mu-b
CVE-2010-4435 EXPLOITDB c
SunOS - Buffer Overflow
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
by Rodrigo Rubira Branco
EIP-2026-118343 EXPLOITDB c VERIFIED
Cain & Abel 2.7.3 - 'dagc.dll' DLL Loading Arbitrary Code Execution
by d3c0der
EIP-2026-100956 EXPLOITDB c
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak
by kingcope
EIP-2026-100057 EXPLOITDB c VERIFIED
Google Android 1.x/2.x - Local Privilege Escalation
by The Android Exploid Crew
EIP-2026-100052 EXPLOITDB c VERIFIED
Android 1.x/2.x HTC Wildfire - Local Privilege Escalation
by The Android Exploid Crew
EIP-2026-100670 EXPLOITDB c
FreeBSD 8.0 - Local Forced Reboot (Denial of Service)
by kingcope
EIP-2026-116038 EXPLOITDB c
Panda Global Protection 2010 - Local Denial of Service (unfiltered wcscpy())
by Heurs
EIP-2026-116037 EXPLOITDB c
Panda Global Protection 2010 - Local Denial of Service
by Heurs
CVE-2011-0652 EXPLOITDB c
Look 'n' Stop Firewall 2.06p4 and 2.07 - Denial of Service via Crafted IOCTL Request
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information.
by Heurs
CVE-2011-1159 EXPLOITDB c VERIFIED
acpid < 2.0.9 - Denial of Service via Unread Socket Connection
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.
by Vasiliy Kulikov
EIP-2026-118294 EXPLOITDB c VERIFIED
Avira AntiVir Personal - Multiple Code Execution Vulnerabilities (1)
by D.Elser
CVE-2010-2743 EXPLOITDB c VERIFIED
Microsoft Windows XP SP3 - Privilege Escalation
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
by Ruben Santamarta
CVE-2011-0513 EXPLOITDB c
SecurStar DriveCrypt <= 5.4 - Local Privilege Escalation via DCR.sys IOCTL 0x00073800
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
by mu-b
CVE-2008-5689 EXPLOITDB c
OpenSolaris snv_01-snv_76 - Denial of Service via SIOCGTUNPARAM IOCTL Request
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
by peri.carding
EIP-2026-102911 EXPLOITDB c
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation (2)
by Joe Sylve
CVE-2010-4052 EXPLOITDB c
glibc 2.11.3/2.12.x-2.12.2 DoS via Adjacent Repetition in Regex
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
by Maksymilian Arciemowicz