C Exploits
3,625 exploits tracked across all sources.
Opera <10.62 - Privilege Escalation
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.
by Nicolas Krassas
Mozilla Firefox < & Thunderbird < & SeaMonkey <3.5.12-3.6.9 <3.0.7-3.1.3 - DLL Hijacking
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.
by Glafkos Charalambous
Microsoft Windows Movie Maker 2.6 - Privilege Escalation
Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
by TheLeader
Microsoft Windows Live Email - 'dwmapi.dll' DLL Hijacking
by Nicolas Krassas
Windows Address Book <6.00.2900.5512 - Privilege Escalation
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
by TheLeader
Microsoft Office PowerPoint 2007 - RCE
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
by TheLeader
Adobe Dreamweaver CS5 11.0 build 4916 and 4909 - Untrusted Search Path and DLL Hijacking via Trojan Horse DLL
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.
by Glafkos Charalambous
Microsoft Windows - IcmpSendEcho2Ex Interrupting Denial of Service
by l3D
FreeBSD 7.1-8.1-PRERELEASE - Denial of Service and Privilege Escalation via sendfile System Call
FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.
by kingcope
Windows XP SP2-SP3 and Windows Server 2003 SP2 - Privilege Escalation via Win32k Exception Handling
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
by MJ0011
Mini-stream Ripper 3.1.2.1 - Local Buffer Overflow (DEP Bypass)
by fl0 fl0w
Microsoft Windows - Buffer Overflow
Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
by Arkon
Apache Tomcat 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16 - Directory Traversal via Encoded URI Sequences
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
by mywisdom
IBM AIX < 5.3 - Remote Code Execution via Long NLST Command
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
by kingcope
libpng <1.2.44, <1.4.3 - Buffer Overflow
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
by kripthor
CVSS 9.8
NFS/ONCplus < b.11.31_09 - Remote Code Execution via Format String in RPC Request
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
by Rodrigo Rubira Branco
Corel WordPerfect Office X5 15.0.0.357 - 'wpd' Buffer Overflow (PoC)
by LiquidWorm
iscripts Socialware 2.2.x - Multiple Vulnerabilities
by Salvatore Fresta
iScripts Socialware 2.2.x - Arbitrary File Upload
by Salvatore Fresta
Adobe Acrobat and Reader 9.x < 9.3.3 and 8.x < 8.2.3 - Denial of Service or Remote Code Execution
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
by LiquidWorm
UltraISO 9.3.6.2750 - '.mds' / '.mdf' Buffer Overflow (PoC)
by fl0 fl0w
FreeBSD 7.2-8.1-PRERELEASE - Privilege Escalation via NFS Client fhsize Parameter
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
by Patroklos Argyroudis
FreeBSD 7.2-8.1-PRERELEASE - Privilege Escalation via NFS Client fhsize Parameter
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
by Patroklos Argyroudis
By Source