C Exploits
3,626 exploits tracked across all sources.
OpenSSL 0.9.8-0.9.8k - Denial of Service via DTLS Fragment Handling Memory Leak
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
by Jon Oberheide
OpenSSL 1.0.0 Beta 2 - Use-After-Free in DTLS Fragment Retrieval
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
by Jon Oberheide
Linux Kernel 2.6.29 - 'ptrace_attach()' Race Condition Privilege Escalation
by prdelka
ipsec-tools < 0.7.2 - Denial of Service via Crafted Fragmented Packets
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
by mu-b
Linux Kernel < 2.6.30-rc4 - Privilege Escalation via PTRACE_ATTACH Race Condition
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.
by s0m3b0dy
TYPSoft FTP Server 1.11 - Denial of Service via ABOR Command
TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of service (CPU consumption) by sending an ABOR (abort) command without an active file transfer.
by Jonathan Salwan
Solaris 10 / OpenSolaris - 'fasttrap' Local Kernel Denial of Service (PoC)
by mu-b
OpenSolaris < snv_114 - Denial of Service via DTrace ioctl Handlers
Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.
by mu-b
GnuTLS 2.5.0-2.6.5 - Invalid DSA Key Generation via RSA Key Storage
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
by Miroslav Kratochvil
udev < 141 - Privilege Escalation via Unverified NETLINK Message
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
by Jon Oberheide
GnuTLS < 2.6.6 - Denial of Service via Invalid DSA Signature Handling
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
by Miroslav Kratochvil
Linux Kernel < 2.6.28 - Buffer Overflow
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
by sgrakkyu
Streaming Download Project Downloader 2.3.0 - Remote Code Execution via Long ASF URL in ASX File
Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file.
by SimO-s0fT
libvirt_proxy 0.5.1 - Buffer Overflow
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
by Jon Oberheide
xrdp < 0.4.1 - Buffer Overflow via Crafted RDP Color Pointer PDU
The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
by joe walko
Elecard AVC HD Player - Stack-Based Buffer Overflow via Long MP3 Filename in Playlist
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
by fl0 fl0w
Mini-stream WM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
by Stack
Family Connections 1.8.2 - Arbitrary File Upload
by Salvatore Fresta
DeepBurner 1.9.0.228 - Stack Buffer Overflow (SEH) (PoC)
by fl0 fl0w
Wireshark < 1.0.6 - Remote Code Execution via PN-DCP Station Name Format String
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
by THCX Labs
pam-krb5 < 3.13 - Privilege Escalation
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
by Jon Oberheide
XM Easy Personal FTP Server 5.6.0 - DoS
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
by Jonathan Salwan
Acritum Femitter Server 1.03 - Denial of Service via Crafted RETR Commands
The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Jonathan Salwan