C Exploits
3,626 exploits tracked across all sources.
Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
by Jonathan Salwan
Sysax Multi Server 4.3 and 4.5 - Authenticated Path Traversal via DELE Command
Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 allows remote authenticated users to delete arbitrary files via a ..// (dot dot slash slash) in a DELE command.
by Jonathan Salwan
macOS X < 10.5.6 - Denial of Service via HFS vfs sysctl Race Condition
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
by mu-b
macOS X < 10.5.6 - Heap-Based Buffer Overflow via AppleTalk ZIP NOTIFY Packet
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
by mu-b
macOS < 10.5.6 - Denial of Service via SYS_add_profil or SYS___mac_getfsstat System Calls
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
by mu-b
macOS < 10.5.6 - Denial of Service via SYS_add_profil or SYS___mac_getfsstat System Calls
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
by mu-b
FreeBSD 7.0-7.2 - Local Arbitrary Kernel Memory Overwrite via ktimer Out-of-Bounds Timer Value
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
by mu-b
FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)
by kokanin
Racer 0.5.3 beta 5 - Buffer Overflow
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
by fl0 fl0w
SW-HTTPD Server 0.x - Remote Denial of Service
by Jonathan Salwan
Rosoft Media Player 4.2.1 (Windows XP SP2/3 French) - Local Buffer Overflow
by SimO-s0fT
ZipGenius - Stack-Based Buffer Overflow via Crafted ZIP File
Stack-based buffer overflow in ZipGenius might allow remote attackers to execute arbitrary code via a crafted .zip file that triggers an SEH overwrite. NOTE: it is possible that this overlaps CVE-2005-3317. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
by fl0 fl0w
MicroSmarts ZipItFast! 3.0 - Remote Code Execution via Crafted ZIP File
MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file that triggers memory corruption, related to a "format string buffer overflow." NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
by fl0 fl0w
ediSys eZip Wizard 3.0 - Stack-Based Buffer Overflow via Crafted ZIP File
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
by fl0 fl0w
PowerZip 7.2 - Stack-based Buffer Overflow via Crafted ZIP File
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
by fl0 fl0w
PHP Director 0.21 - SQL Into Outfile 'eval()' Injection
by StAkeR
Linux kernel <2.6.28.7 - Privilege Escalation
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
by Chris Evans
Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure
by mu-b
Linux kernel <2.6.28 - Privilege Escalation
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
by Chris Evans
Linux Kernel < 2.6.28.6 - Information Disclosure via SO_BSDCOMPAT getsockopt Request
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
by Clément Lecigne
dBpowerAMP Audio Player 2 - '.pls' Local Buffer Overflow
by SimO-s0fT
MultiMedia Soft AdjMmsEng.dll <7.11.2.7 - Buffer Overflow
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
by Single Eye
Windows XP SP3 - Denial of Service via SPI_SETDESKWALLPAPER SystemParametersInfo Call
Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.
by Arkon
By Source