C Exploits
3,625 exploits tracked across all sources.
glibc through 2.11.3 and 2.12.x through 2.12.2 - Denial of Service via RE_DUP_MAX Overflow in regcomp
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
by Maksymilian Arciemowicz
Quick Notes Plus 5.0 47 - Multiple DLL Loading Arbitrary Code Executions
by d3c0der
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1)
by Dan Rosenberg
Ace Video Workshop 1.2.0.0 - 'ir50_lcs.dll' DLL Loading Arbitrary Code Execution
by d3c0der
Microsoft Windows XP SP2-7 - Privilege Escalation
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
by Tarjei Mandt
ImgBurn - Untrusted Search Path and DLL Hijacking via Trojan Horse dwmapi.dll
Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.
by d3c0der
Linux Kernel < 2.6.36.2 - Privilege Escalation via ACPI Debugfs Custom Method
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
by Jon Oberheide
Linux Kernel < 3.0 - Arbitrary Kernel Memory Write via ACPI Debugfs Custom Method
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
by Jon Oberheide
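The two entries above describe the same debugfs file in two states: world-writable (mode 0222), so any local user can load a custom ACPI method, and, after the first fix, still present and writable by root, which the second entry says is enough to modify arbitrary kernel memory. The following audit helper is an added example written for this page, not code from either exploit or from the kernel. It classifies /sys/kernel/debug/acpi/custom_method (the path named above) and scans a directory for world-writable regular files; make_fixture() builds a constructed temporary directory imitating a debugfs listing so the check can be exercised without debugfs access.

```c
/* Added example, not part of the listed exploits or of the kernel: an audit
 * helper for the debugfs ACPI custom_method file described in the two entries
 * above.  It flags the file as world-writable (the 0222 mode of the first
 * entry) or merely present (per the second entry, any writer can still modify
 * kernel memory through it).  The default path is the one named above; the
 * fixture directory built by make_fixture() is constructed for this example. */
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define ACPI_DEBUGFS "/sys/kernel/debug/acpi"

enum cm_status { CM_UNKNOWN = -1, CM_ABSENT = 0, CM_PRESENT = 1, CM_WORLD_WRITABLE = 2 };

/* Return 1 when the mode grants write permission to "other". */
int mode_world_writable(mode_t mode)
{
    return (mode & S_IWOTH) != 0;
}

/* Classify <dir>/custom_method.  CM_UNKNOWN means stat() failed for a reason
 * other than ENOENT, typically EACCES because debugfs is root-only. */
enum cm_status custom_method_status(const char *dir)
{
    char path[PATH_MAX];
    struct stat st;

    snprintf(path, sizeof path, "%s/custom_method", dir);
    if (stat(path, &st) != 0)
        return errno == ENOENT ? CM_ABSENT : CM_UNKNOWN;
    return mode_world_writable(st.st_mode) ? CM_WORLD_WRITABLE : CM_PRESENT;
}

/* Non-recursive scan of one directory for world-writable regular files; prints
 * each offender and returns the count, or -1 if the directory cannot be opened. */
int count_world_writable(const char *dir)
{
    DIR *d = opendir(dir);
    if (!d)
        return -1;
    int n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char path[PATH_MAX];
        struct stat st;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
            continue;
        if (mode_world_writable(st.st_mode)) {
            printf("world-writable: %s (mode %04o)\n", path, (unsigned)(st.st_mode & 07777));
            n++;
        }
    }
    closedir(d);
    return n;
}

/* Constructed fixture imitating a debugfs acpi/ listing: custom_method with the
 * vulnerable 0222 mode, a 0644 file and a 0666 file.  Created once; returns the
 * directory path, or NULL on failure. */
const char *make_fixture(void)
{
    static char dir[] = "/tmp/acpi-audit-XXXXXX";
    static int made = 0;
    const char *names[] = { "custom_method", "ec", "method" };
    const mode_t modes[] = { 0222, 0644, 0666 };

    if (made)
        return dir;
    if (!mkdtemp(dir))
        return NULL;
    for (int i = 0; i < 3; i++) {
        char path[PATH_MAX];
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd < 0 || fchmod(fd, modes[i]) != 0)   /* fchmod is not masked by umask */
            return NULL;
        close(fd);
    }
    made = 1;
    return dir;
}

int main(void)
{
    static const char *label[] = { "unknown (stat failed)", "absent", "present", "WORLD-WRITABLE" };
    printf("%s/custom_method: %s\n", ACPI_DEBUGFS, label[custom_method_status(ACPI_DEBUGFS) + 1]);
    const char *fx = make_fixture();
    if (fx)
        printf("fixture %s: custom_method is %s, %d world-writable file(s)\n", fx,
               label[custom_method_status(fx) + 1], count_world_writable(fx));
    return 0;
}
```

Run as root to see the real debugfs result; unprivileged, stat() on the debugfs path fails with EACCES and the status is reported as unknown rather than absent. On kernels that contain the second fix the file only exists when the kernel was built with CONFIG_ACPI_CUSTOM_METHOD, so CM_PRESENT is itself worth reporting on a hardened host.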
Windows 7 and Windows Server 2008 - Privilege Escalation via win32k.sys Input Validation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
by Stefan LE BERRE
Linux Kernel < 2.6.36.2 - Privilege Escalation via KERNEL_DS get_fs Handling
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
by Dan Rosenberg
glibc through 2.11.3 and 2.12.x through 2.12.2 - Denial of Service via Stack Consumption from Adjacent Repetition Operators in regcomp
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
by Maksymilian Arciemowicz
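Both glibc entries above are triggered by a pattern that applies one repetition operator directly to another ({10,}{10,}...), and both matter only to programs that hand user-controlled patterns to regcomp(), as the ProFTPD case did. The following pre-filter is an added example written for this page, not code from glibc or from proftpd.gnu.c: it rejects adjacent repetition operators in a POSIX ERE before regcomp() ever sees them, while skipping escaped characters and bracket expressions so that "\*+" and "[*+]{2}" are not false positives. The function names and sample patterns are constructed for this example.

```c
/* Added example, not taken from glibc or from the proftpd.gnu.c exploit:
 * a pre-filter for user-supplied POSIX ERE patterns that rejects adjacent
 * repetition operators ("a**", "a+?", ".{10,}{10,}") before regcomp() sees
 * them.  Function names and sample patterns are constructed for this page. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if two repetition operators (*, +, ? or a {m,n} bound) are applied
 * back to back.  Escaped characters and bracket expressions are skipped so
 * that "\*+" and "[*+]{2}" are not reported.  Anything malformed (an
 * unterminated bracket or bound) is left for regcomp() to reject. */
int ere_has_adjacent_dup(const char *pat)
{
    int prev_was_dup = 0;

    for (const char *p = pat; *p; p++) {
        switch (*p) {
        case '\\':                       /* escaped character: a literal */
            if (p[1])
                p++;
            prev_was_dup = 0;
            break;
        case '[': {                      /* bracket expression: skip it */
            const char *q = p + 1;
            if (*q == '^')
                q++;
            if (*q == ']')               /* a leading ] is literal */
                q++;
            while (*q && *q != ']')
                q++;
            if (!*q)
                return 0;                /* unterminated: regcomp gives REG_EBRACK */
            p = q;
            prev_was_dup = 0;
            break;
        }
        case '{': {                      /* bounded repetition {m}, {m,}, {m,n} */
            const char *q = strchr(p, '}');
            if (!q) {
                prev_was_dup = 0;        /* unterminated bound: leave to regcomp */
                break;
            }
            if (prev_was_dup)
                return 1;
            prev_was_dup = 1;
            p = q;
            break;
        }
        case '*':
        case '+':
        case '?':
            if (prev_was_dup)
                return 1;
            prev_was_dup = 1;
            break;
        default:
            prev_was_dup = 0;
        }
    }
    return 0;
}

/* regcomp() wrapper: refuse adjacent repetitions with REG_BADRPT, the code
 * regcomp() itself returns for a repetition operator with nothing to repeat. */
int safe_regcomp(regex_t *re, const char *pat)
{
    if (ere_has_adjacent_dup(pat))
        return REG_BADRPT;
    return regcomp(re, pat, REG_EXTENDED | REG_NOSUB);
}

/* Compile-and-discard helper: returns the pre-filter/regcomp() status. */
int check_pattern(const char *pat)
{
    regex_t re;
    int rc = safe_regcomp(&re, pat);
    if (rc == 0)
        regfree(&re);
    return rc;
}

int main(void)
{
    /* Constructed samples; the last is the shape named in the entries above. */
    const char *samples[] = { "^[a-z]+$", "[0-9]{1,3}\\.[0-9]{1,3}", "[*+]{2}",
                              "a+?", ".*{10,}{10,}{10,}{10,}{10,}" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int rc = check_pattern(samples[i]);
        printf("%-34s -> %s\n", samples[i],
               rc == 0 ? "ok" : rc == REG_BADRPT ? "rejected (REG_BADRPT)" : "regcomp error");
    }
    return 0;
}
```

The filter is deliberately conservative: it also rejects patterns such as "a{2}{3}" that glibc would accept, which is the right trade-off for patterns coming from an untrusted client. It does not replace updating glibc, since a user who can run regcomp() directly is unaffected by an application-side check.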
Linux Kernel < 2.6.37 - Denial of Service via SOCK_SEQPACKET Garbage Collection
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
by Key Night
Linux Kernel < 2.6.36 - Denial of Service via Stack Memory Consumption
The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
by Roland McGrath
Linux Kernel < 2.6.37 - Denial of Service via Stack Memory OOM Bypass
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
by Roland McGrath
Linux Kernel < 2.6.37 - Denial of Service via inotify_init1 Memory Leak
Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files.
by Vegard Nossum
Native Instruments (Multiple Products) - DLL Loading Arbitrary Code Execution
by Gjoko Krstic
Linux Kernel < 2.6.36.2 - Information Disclosure via Uninitialized Stack Memory in Socket Filter
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
by Dan Rosenberg
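The entry above turns on a missing check: a classic BPF filter could load from a scratch memory slot (BPF_S_LD_MEM / BPF_S_LDX_MEM) that no earlier instruction had stored to, so the program read whatever the kernel stack held. The fix added a verifier pass that tracks, per path, which slots have been written. The following is an added example written for this page, not kernel code: a user-space copy of that pass, modeled on check_load_and_stores in net/core/filter.c, that a program can run over a filter before setsockopt(SO_ATTACH_FILTER) on a kernel that may predate the fix. The struct and opcode constants are the classic BPF encodings; the three sample programs are constructed for this example.

```c
/* Added example, not kernel code: a user-space copy of the check the fix added
 * to the kernel's filter verifier (check_load_and_stores in net/core/filter.c),
 * for vetting a classic BPF program before setsockopt(SO_ATTACH_FILTER).
 * Opcode constants are the classic BPF encodings; the sample programs are
 * constructed for this page. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct cbpf_insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* = struct sock_filter */

#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_MODE(c)  ((c) & 0xe0)
#define BPF_OP(c)    ((c) & 0xf0)
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_ST = 0x02, BPF_STX = 0x03,
       BPF_JMP = 0x05, BPF_RET = 0x06,
       BPF_IMM = 0x00, BPF_MEM = 0x60,            /* M[k] scratch memory   */
       BPF_JA = 0x00, BPF_JEQ = 0x10, BPF_K = 0x00, BPF_A = 0x10,
       BPF_MEMWORDS = 16 };

/* Returns 0 if every "ld/ldx M[k]" is preceded on every path by a store to
 * M[k]; -1 if some path could read a never-written slot (that is what leaked
 * kernel stack memory) or the program is malformed. */
int cbpf_check_load_and_stores(const struct cbpf_insn *f, int flen)
{
    if (flen <= 0 || flen > 4096 || BPF_CLASS(f[flen - 1].code) != BPF_RET)
        return -1;

    /* masks[pc] = slots known written on entry to pc via a jump; each jump ANDs
     * its current state into its targets.  Fall-through keeps memvalid as is. */
    uint16_t *masks = malloc(flen * sizeof *masks);
    if (!masks)
        return -1;
    memset(masks, 0xff, flen * sizeof *masks);

    uint16_t memvalid = 0;                         /* bit k: M[k] written */
    int ret = 0;
    for (int pc = 0; pc < flen; pc++) {
        uint32_t rem = (uint32_t)(flen - pc - 1);  /* instructions after pc */
        memvalid &= masks[pc];
        switch (BPF_CLASS(f[pc].code)) {
        case BPF_ST:
        case BPF_STX:
            if (f[pc].k >= BPF_MEMWORDS) { ret = -1; goto out; }
            memvalid |= (uint16_t)(1u << f[pc].k);
            break;
        case BPF_LD:
        case BPF_LDX:
            if (BPF_MODE(f[pc].code) == BPF_MEM &&
                (f[pc].k >= BPF_MEMWORDS || !(memvalid & (1u << f[pc].k)))) {
                ret = -1;                          /* read of an unwritten slot */
                goto out;
            }
            break;
        case BPF_JMP:
            if (BPF_OP(f[pc].code) == BPF_JA) {
                if (f[pc].k >= rem) { ret = -1; goto out; }
                masks[pc + 1 + f[pc].k] &= memvalid;
            } else {
                if (f[pc].jt >= rem || f[pc].jf >= rem) { ret = -1; goto out; }
                masks[pc + 1 + f[pc].jt] &= memvalid;
                masks[pc + 1 + f[pc].jf] &= memvalid;
            }
            memvalid = 0xffff;   /* pc+1 is now reached only as a jump target */
            break;
        }
    }
out:
    free(masks);
    return ret;
}

/* "ld M[0]; ret A": reads slot 0 without a store, the shape an unpatched
 * kernel accepted.  Returns -1. */
int demo_uninitialised_load(void)
{
    const struct cbpf_insn p[] = { { BPF_LD | BPF_MEM, 0, 0, 0 }, { BPF_RET | BPF_A, 0, 0, 0 } };
    return cbpf_check_load_and_stores(p, 2);
}

/* "ld #42; st M[3]; ld M[3]; ret A": store before load.  Returns 0. */
int demo_store_then_load(void)
{
    const struct cbpf_insn p[] = { { BPF_LD | BPF_IMM, 0, 0, 42 }, { BPF_ST, 0, 0, 3 },
                                   { BPF_LD | BPF_MEM, 0, 0, 3 },  { BPF_RET | BPF_A, 0, 0, 0 } };
    return cbpf_check_load_and_stores(p, 4);
}

/* The store sits on one branch of "jeq #1" and the load is reachable via the
 * other, so the path-sensitive masks reject it even though A is always 1 at
 * run time: the check is deliberately conservative.  Returns -1. */
int demo_store_on_one_path(void)
{
    const struct cbpf_insn p[] = {
        { BPF_LD | BPF_IMM, 0, 0, 1 },           /* 0: A = 1                          */
        { BPF_JMP | BPF_JEQ | BPF_K, 0, 1, 1 },  /* 1: A == 1 ? goto 2 : goto 3       */
        { BPF_ST, 0, 0, 5 },                     /* 2: M[5] = A                       */
        { BPF_LD | BPF_MEM, 0, 0, 5 },           /* 3: A = M[5]  (unwritten via 1->3) */
        { BPF_RET | BPF_A, 0, 0, 0 },            /* 4: return A                       */
    };
    return cbpf_check_load_and_stores(p, 5);
}
```

Each demo_* function returns the verifier's verdict for its program. The jump handling is what makes the pass worth copying rather than a simple "store seen before load" scan: a jump propagates the current set of written slots only to its targets, and an instruction reached by several paths is checked against the intersection, so a store on one branch never vouches for a load on another.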
Silo 2.1.1 - 'wintab32.dll' DLL Loading Arbitrary Code Execution
by Gjoko Krstic
Avast! Internet Security - aswtdi.sys Local Denial of Service (PoC)
by Nikita Tarakanov
AVG Internet Security 9.0.851 - Local Denial of Service
by Nikita Tarakanov
Trend Micro Titanium Maximum Security 2011 - Local Kernel
by Nikita Tarakanov