C Exploits
3,626 exploits tracked across all sources.
FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service
by Shaun Colley
Linux Kernel < 2.6.15 - Information Disclosure via Signed-Unsigned Integer Overflow in ProcFS
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
by Jon Oberheide
Linux kernel <2.6.31-rc5 - Info Disclosure
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.
by Jon Oberheide
PHP Fuzzer Framework - Default Location Insecure Temporary File Creation
by Melissa Elliott
Google SketchUp Pro 7.0 - '.skp' Remote Stack Overflow (PoC)
by LiquidWorm
VideoLAN VLC Media Player 0.8.6f - 'smb://' URI Handling Remote Buffer Overflow
by Pankaj Kohli
ISC BIND 9.4-9.4.3-P2, 9.5-9.5.1-P2, 9.6-9.6.1 - Denial of Service via ANY Record in Dynamic Update
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.
by kingcope
ISC DHCP <4.1.0p1-2.0 - Buffer Overflow
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
by Jon Oberheide
Live For Speed 2 Version Z - '.Mpr' Local Buffer Overflow
by n00b
FreeBSD 6.0 and 8.0 - Denial of Service via IATA Driver IOCTL Request
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.
by Shaun Colley
Linux Kernel 2.6.28-2.6.28.4 - Denial of Service via UTF-8 Console Character Selection
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
by sgrakkyu
FreeBSD 7.0-7.1 - Local Privilege Escalation via Stack-Based Buffer Overflow in vfs_mount.c
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."
by Patroklos Argyroudis
B Labs Bopup Comm Server <3.2.26.5460 - Buffer Overflow
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
by mu-b
DESlock+ 4.0.2 - Local Privilege Escalation via IOCTL 0x80012010 Request
The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.
by mu-b
httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files
by Jonathan Salwan
Apple Mac OSX xnu 1228.9.59 - Kernel Privilege Escalation
by mu-b
MySQL 4.0.0-5.0.83 - Authenticated Denial of Service via Format String in Database Name
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
by kingcope
OpenSSL < 0.9.8i - Denial of Service via DTLS ChangeCipherSpec Packet
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
by Jon Oberheide
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH)
by fl0 fl0w
glibc < 2.15 - Integer Overflow in __tzfile_read via Crafted Timezone File
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
by dividead
Linux Kernel < 2.6.19 - Denial of Service via Inode Double Locking Deadlock
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
by Miklos Szeredi
CVSS 4.7
Nullsoft Winamp < 5.552 - Remote Code Execution via Crafted MAKI File
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
by n00b
Nullsoft Winamp < 5.552 - Remote Code Execution via Crafted MAKI File
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
by n00b