C Exploits
3,626 exploits tracked across all sources.
Solaris 10 - Denial of Service via ICMP Packets
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
by kingcope
Extended Module Player < 2.5.1 - Remote Code Execution via OXM File Negative Value Bypass
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
by Luigi Auriemma
WinUAE <= 1.4.4 - Stack-based Buffer Overflow via Long Filename in Gzipped Archive
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
by Luigi Auriemma
Mac OS X 10.4.11 - Stack-Based Buffer Overflow via SMB Workgroup Option
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.
by Subreption LLC.
ProWizard 4 PC < 1.62 - Remote Code Execution via Crafted File in Multiple Rippers
Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.
by Luigi Auriemma
Linux Kernel < 2.6.22 - Denial of Service via IPv6 Hop-by-Hop Extended Header
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
by Clemens Kurtenbach
Rosoft Media Player <4.1.8 - Buffer Overflow
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
by devcode
Linux Kernel < 2.6.11.5 - BlueTooth Stack Privilege Escalation
by Backdoored
Samba 3.0.0-3.0.27a - Stack-based Buffer Overflow via Long GETDC String in SAMLOGON Request
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
by x86
macOS X 10.5.1 - Denial of Service via Crafted Signed Mach-O Binary
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
by mu-b
Debian GNU/Linux - Privilege Escalation
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
by bannedit
Mac OS X 10.4-10.5.1 - Denial of Service via Mach-O Binary Integer Overflow
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
by mu-b
Mac OS X 10.5 - Denial of Service via Crafted Load Balancing Packet
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
by mu-b
Zabbix <1.4.3 - Privilege Escalation
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
by Bas van Schaik
Microsoft Windows Media Player - DoS
Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
by Gil-Dong / Woo-Chi
Tencent QQ 2006 LaunchP2PShare - Multiple Stack Buffer Overflow Vulnerabilities
by axis
VMware Tools 3.1 - 'HGFS.Sys' Local Privilege Escalation
by SoBeIt
macOS 10.4-10.4.10 - Local Arbitrary Code Execution via i386_set_ldt System Call
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
by RISE Security
GNU tar < 1.19 - Buffer Overflow in safer_name_suffix
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
by Dmitry V. Levin
Kodak Image Viewer - Remote Code Execution via Crafted TIFF File
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
by Gil-Dong / Woo-Chi
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
by mu-b
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
by mu-b
eXtremail < 2.1.1 - Remote Code Execution via POP3 USER Command Integer Overflow
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
by mu-b
eXtremail < 2.1.1 - Remote Code Execution via POP3 USER Command Integer Overflow
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
by mu-b
By Source