C Exploits
3,626 exploits tracked across all sources.
Total Video Player 1.3.7 - '.m3u' Local Buffer Overflow
by SimO-s0fT
WFTPD Pro 3.30 - Multiple Command Remote Denial of Service Vulnerabilities
by LiquidWorm
Sun Solaris 10-11 & OpenSolaris - DoS
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
by kingcope
Niels Provos Systrace <1.6f - Privilege Escalation
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
by Chris Evans
D-bus <1.2.4 - DoS
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
by Jon Oberheide
FreeBSD 6.3-7.2-PRERELEASE - Information Disclosure via Uninitialized Memory in db Interface
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
by Jaakko Heinonen
GOM Player 2.0.12.3375 - '.asx' Local Stack Overflow
by DATA_SNIPER
Microsoft Windows Media Player <11.0.5721.5260 - DoS
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
by anonymous
Linux Kernel < 2.6.26.4 - Sensitive Information Exposure via SCTP_HMAC_IDENT IOCTL
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
by Jon Oberheide
FreeBSD 6-7 - Privilege Escalation via Uninitialized Function Pointers
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.
by Don Bailey
Linux Kernel < 2.6.25 - Denial of Service via Network Traffic Flood
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode.
by Herbert Xu
CUPS 1.3.8 - Arbitrary File Overwrite via Symlink Attack on Temporary File
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
by Jon Oberheide
avahi < 0.6.24 - Denial of Service via mDNS Packet with Source Port 0
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
by Jon Oberheide
Linux Kernel 2.6.27.7-generic/2.6.18/2.6.24-1 - Local Denial of Service
by Adurit-T
Linux Kernel <= 2.6.27.8 - Denial of Service via ATM Subsystem SVC Socket Handling
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
by Jon Oberheide
ClamAV < 0.94.2 - Denial of Service via Crafted JPEG File
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
by ilja van sprundel
Oracle Database Vault - 'ptrace(2)' Local Privilege Escalation
by Jakub Wartak
Microsoft Windows Vista Gold & SP1 - Buffer Overflow
Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
by Marius Wachtler
No-IP DUC < 2.1.7 - Remote Code Execution via DNS Update Response Buffer Overflow
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function.
by XenoMuta
Microsoft Windows Server Service - Remote Code Execution via Crafted RPC Request
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by Polymorphours
CVSS 9.8
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)
by Andrea Bittau
Linux Kernel < 2.6.22 - Privilege Escalation via Setuid/Setgid Bit Handling
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
by gat3way
VicFTPS 5.0 - Denial of Service via Malformed LIST Command
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.
by Alfons Luja