C Exploits
3,626 exploits tracked across all sources.
Jinais IRC Server 0.1.8 - Null Pointer (PoC)
by Salvatore Fresta
VariCAD EN <2010-2.05 - Buffer Overflow
VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution.
by n00b
FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service
by kingcope
IBM WebSphere Application Server 6.1-6.1.0.30 - Remote Code Execution via ISAPI Module Orphaned Callback Pointers
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
by Brett Gervasoni
FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial of Service
by kingcope
RadASM 2.2.1.6 - '.rap' Local Buffer Overflow (PoC)
by fl0 fl0w
Microsoft Windows - Memory Corruption
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
by Tavis Ormandy
NewsGator FeedDemon <2.7 - Buffer Overflow
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.
by fl0 fl0w
Linux Kernel < 2.6.33 - Arbitrary Kernel Memory Read and Denial of Service via Invalid Node Values
The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
by spender
OpenSolaris snv_69-snv_133 - Denial of Service via UCODE_GET_VERSION IOCTL
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.
by Patroklos Argyroudis
Qihoo 360 Security Guard 6.1.5.1009 - breg device drivers Privilege Escalation
by anonymous
DeepBurner pro 1.9.0.228 - '.dbr' file Buffer Overflow (Universal)
by fl0 fl0w
Beijing Rising International Rising Antivirus 2008-2010 - Privilege Escalation via IOCTL Input Validation
Beijing Rising International Rising Antivirus 2008 through 2010 does not properly validate input to certain IOCTLs, including 0x83003C07, which allows local users to gain privileges via crafted IOCTL requests to the (1) HookCont.sys, (2) HookNtos.sys, (3) HOOKREG.sys, or (4) HookSys.sys device driver; or the (5) RsNTGdi.sys kernel module, reachable through \Device\RSNTGDI.
by Dlrow
Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM
by mu-b
VideoLAN VLC Media Player 0.8.6 - Stack-Based Buffer Overflow via Crafted Advanced SubStation Alpha Subtitle
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
by fl0 fl0w
Sub Station Alpha 4.08 - '.rt' Local Buffer Overflow (PoC)
by fl0 fl0w
Apple iTunes < 8.2 - Remote Code Execution via Long itms: URL Component
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
by Simo36
Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow
by fl0 fl0w
HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow
by fl0 fl0w
K-Meleon 1.5.3 - Heap-Based Buffer Overflow via Large Precision Value in printf Format Argument
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
by Maksymilian Arciemowicz