C Exploits
3,626 exploits tracked across all sources.
VMware Fusion 2.0.5 - vmx86 kext Local Buffer Overflow (PoC)
by mu-b
Kaspersky Anti-Virus <9.0.0.736 - DoS
kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.
by Heurs
Notepad++ 5.4.5 - '.C' / '.CPP' Local Stack Buffer Overflow (PoC)
by fl0 fl0w
NetBSD <5.0.1 - Privilege Escalation
The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
by Tavis Ormandy
Hero Super Player 3000 - Buffer Overflow
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.
by fl0 fl0w
Ipswitch IMail <2006.21 - Buffer Overflow
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
by dmc
Cerberus FTP Server 3.0.3 - Remote Denial of Service
by Single Eye
HTMLDOC 1.8.27 - '.html' File Handling Stack Buffer Overflow
by Pankaj Kohli
GemStone/S 6.3.1 - 'stoned' Local Buffer Overflow
by Jeremy Brown
Zeroboard 4.1 pl7 - Remote Code Execution via Crafted Parameter Name
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
by SpeeDr00t
Linux Kernel <2.6.19 - Privilege Escalation
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
by Andi
CVSS 7.8
MailEnable 1.52 - HTTP Mail Service Stack Buffer Overflow (PoC)
by fl0 fl0w
Linux Kernel <2.6.19 - Privilege Escalation
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
by INetCop Security
CVSS 7.8
Linux Kernel < 2.6.31 - Information Disclosure via Uninitialized Memory in getname Functions
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
by Jon Oberheide
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
by Ramon de C Valle
CVSS 7.8
Linux Kernel < 2.6.31 - Information Disclosure via Uninitialized Memory in getname Functions
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
by Clément Lecigne
Linux Kernel < 2.6.31 - Uninitialized Memory Exposure via llc_ui_getname
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.
by Jon Oberheide
Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow
by Heurs
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
by INetCop Security
CVSS 7.8
FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation
by Przemyslaw Frasunek
Linux Kernel < 2.6.31 - Denial of Service via Pseudo-Terminal I/O Activity
The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c.
by Eric W. Biederman
Linux Kernel < 2.6.30.5 - 'cfg80211' Remote Denial of Service
by Jon Oberheide
Linux Kernel < 2.6.31-rc6 - Denial of Service or Privilege Escalation via CLOCK_MONOTONIC_RAW clock_nanosleep
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.
by Hiroshi Shimamoto
By Source