C Exploits

3,626 exploits tracked across all sources.

CVE-2010-2020 EXPLOITDB c VERIFIED
FreeBSD 7.2-8.1-PRERELEASE - Privilege Escalation via NFS Client fhsize Parameter
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
by Patroklos Argyroudis
CVE-2010-3227 EXPLOITDB c VERIFIED
Microsoft MFC Library - Buffer Overflow
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
by fl0 fl0w
CVE-2010-2349 EXPLOITDB c VERIFIED
H264WebCam 3.7 - Denial of Service via Long URI
H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
by fl0 fl0w
EIP-2026-115097 EXPLOITDB c VERIFIED
Corel VideoStudio Pro X3 - '.mp4' Buffer Overflow
by fl0 fl0w
EIP-2026-116559 EXPLOITDB c VERIFIED
Winplot 2010 - Buffer Overflow (PoC)
by fl0 fl0w
CVE-2010-2505 EXPLOITDB c VERIFIED
SaschArt SasCAM Webcam Server <= 2.7 - Denial of Service via Long GET Request
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
by fl0 fl0w
EIP-2026-117976 EXPLOITDB c VERIFIED
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow
by mr_me
CVE-2010-1296 EXPLOITDB c VERIFIED
Adobe Photoshop CS4 <11.0.2 - Buffer Overflow
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
by LiquidWorm
CVE-2010-1296 EXPLOITDB c VERIFIED
Adobe Photoshop CS4 <11.0.2 - Buffer Overflow
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
by LiquidWorm
CVE-2010-2031 EXPLOITDB c
Kingsoft Webshield < 3.5.1.2 - Arbitrary Kernel Memory Overwrite via KAVSafe.sys IOCTL 0x830020d4
KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.
by Xuanyuan Smart
EIP-2026-119207 EXPLOITDB c VERIFIED
TeamViewer 5.0.8232 - Remote Buffer Overflow
by fl0 fl0w
CVE-2010-1636 EXPLOITDB c VERIFIED
Linux Kernel 2.6.29-2.6.32 - Unauthorized Sensitive Information Exposure via btrfs_ioctl_clone
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor.
by Dan Rosenberg
EIP-2026-103243 EXPLOITDB c VERIFIED
WFTPD Server 3.30 - Multiple Vulnerabilities
by fl0 fl0w
CVE-2010-1280 EXPLOITDB HIGH c VERIFIED
Adobe Shockwave Player <11.5.7.609 - RCE/DoS
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.
by LiquidWorm
CVSS 8.8
EIP-2026-119085 EXPLOITDB c VERIFIED
Rebellion Aliens vs Predator 2.22 - Multiple Memory Corruption Vulnerabilities
by Luigi Auriemma
CVE-2007-2192 EXPLOITDB c VERIFIED
Photofiltre Studio 8.1.1 - Buffer Overflow via Crafted TIFF File
Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.
by fl0 fl0w
CVE-2010-0105 EXPLOITDB c VERIFIED
Apple Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Denial of Service via Directory Hard Link Manipulation
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component.
by Maksymilian Arciemowicz
EIP-2026-115065 EXPLOITDB c VERIFIED
CommView 6.1 (Build 636) - Local Blue Screen of Death (Denial of Service)
by p4r4N0ID
CVE-2010-1894 EXPLOITDB c
Windows XP SP2-SP3 and Windows Server 2003 SP2 - Privilege Escalation via Win32k Exception Handling
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
by MJ0011
CVE-2010-1734 EXPLOITDB c
Windows 2000, XP, and Server 2003 - Denial of Service via SfnINSTRING Function
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
by MJ0011
CVE-2010-0740 EXPLOITDB c VERIFIED
OpenSSL 0.9.8f-0.9.8m - Denial of Service via Malformed TLS Record
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
by Andi
EIP-2026-117476 EXPLOITDB c
Micropoint ProActive Defense 'Mp110013.sys' 1.3.10123.0 - Local Privilege Escalation
by MJ0011
EIP-2026-119288 EXPLOITDB c VERIFIED
WinSoftMagic Photo Editor - '.png' Remote Buffer Overflow
by eidelweiss
EIP-2026-118490 EXPLOITDB c VERIFIED
EasyFTP Server 1.7.0.2 - 'MKD' (Authenticated) Remote Buffer Overflow
by x90c
EIP-2026-118935 EXPLOITDB c VERIFIED
MX Simulator Server - Remote Buffer Overflow
by Salvatore Fresta