C Exploits
3,626 exploits tracked across all sources.
IntelliTamper 2.0.7 - Remote Code Execution via Long HREF Attribute in HTML Parser
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
by r0ut3r
SWAT 4 < 1.1 - Denial of Service via VERIFYCONTENT or GAMECONFIG Command
SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.
by Luigi Auriemma
WinSoftMagic WinRemotePC Lite 2008 and Full 2008 - Denial of Service via Crafted TCP Packet
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
by Shinnok
Download Accelerator Plus < 8.6.6.3 - Buffer Overflow
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
by Shinnok
OpenBSD 4.0 - 'vga' Local Privilege Escalation
by lul-disclosure inc.
GFL SDK 2.82 - Stack-based Buffer Overflow via Sun TAAC File Format Keyword
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
by Shinnok
Linux kernel 2.6.9-2.6.25 - Denial of Service via PTRACE_ATTACH Race Condition
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
by Alexei Dobryanov
Citrix Deterministic Network Enhancer 2.21.7.233-3.21.7.17464 - Privilege Escalation via DNE_IOCTL
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
by mu-b
Stalker-game S.t.a.l.k.e.r. < 1.0006 - Improper Input Validation
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.
by Luigi Auriemma
Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation
by Alex Hernandez
VLC < 0.8.6d - Remote Code Execution via Format String in HTTP Connection Parameter
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
by EpiBite
Microsoft Windows Kernel - Local Code Execution via NtUserFnOUTSTRING Input Validation
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
by Whitecell
licq < 1.3.6 - Denial of Service via File-Descriptor Exhaustion
licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.
by Milen Rangelov
SCO UnixWare 7.1.4 ReliantHA - Privilege Escalation via RELIANT_PATH Environment Variable
Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program.
by qaaz
SCO ReliantHA 1.1.4 - Local Privilege Escalation via mcd -d Argument
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters.
by qaaz
Xitami 2.2a-2.5c2 - Remote Code Execution via Format String in LRWP Request
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
by bratax
mod_jk2 < 2.0.3-DEV - Remote Code Execution via Long Host Header
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
by Heretic2
FreeBSD 6.x-7.x and NetBSD 4.x - Integer Overflow in strfmon and printf Format Handling
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
by Maksymilian Arciemowicz
xine-lib <= 1.1.11 - Heap-Based Buffer Overflow via Crafted Media Files
Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote attackers to trigger heap-based buffer overflows and possibly execute arbitrary code via (1) a crafted .FLV file, which triggers an overflow in demuxers/demux_flv.c; (2) a crafted .MOV file, which triggers an overflow in demuxers/demux_qt.c; (3) a crafted .RM file, which triggers an overflow in demuxers/demux_real.c; (4) a crafted .MVE file, which triggers an overflow in demuxers/demux_wc3movie.c; (5) a crafted .MKV file, which triggers an overflow in demuxers/ebml.c; or (6) a crafted .CAK file, which triggers an overflow in demuxers/demux_film.c.
by Luigi Auriemma
Solaris 10 - Denial of Service via Malformed RPC Request
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.
by kingcope
SunOS 8-10 - Unauthenticated Memory Read via FIFO I_PEEK ioctl
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
by Marco Ivaldi
SafeGuard PrivateDisk 2.0/2.3 - 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities
by mu-b
ADI Convergence Galaxy FTP Server Password - Remote Denial of Service
by Maks M