C Exploits

3,626 exploits tracked across all sources.

CVE-2007-5225 EXPLOITDB c VERIFIED
SunOS 8-10 - Unauthenticated Memory Read via FIFO I_PEEK ioctl
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
by qaaz
CVE-2007-2807 EXPLOITDB c VERIFIED
Eggdrop IRC Bot < 1.6.18 - Stack-Based Buffer Overflow via Long Private Message
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
by bangus/magnum
CVE-2007-5248 EXPLOITDB c VERIFIED
Doom 3 < 1.3.1, Quake 4 < 1.4.2, Prey < 1.3 - Remote Code Execution via Format String in PB_Y/PB_U Packets
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
by Luigi Auriemma
EIP-2026-103597 EXPLOITDB c VERIFIED
NovaSTOR NovaNET/NovaBACKUP 13.0 - Remote Denial of Service
by mu-b
CVE-2007-5184 EXPLOITDB c VERIFIED
smbftpd 0.96 - Remote Code Execution via Format String in Directory Name
Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.
by Jerry Illikainen
CVE-2007-4573 EXPLOITDB c VERIFIED
Linux kernel <2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
by Robert Swiecki
EIP-2026-104011 EXPLOITDB c VERIFIED
NovaSTOR NovaNET 12.0 - Remote SYSTEM
by mu-b
EIP-2026-104010 EXPLOITDB c VERIFIED
NovaSTOR NovaNET 12.0 - Remote Command Execution
by mu-b
CVE-2007-4573 EXPLOITDB c VERIFIED
Linux kernel <2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
by Wojciech Purczynski
CVE-2007-4571 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.22.8 - Information Disclosure via ALSA snd_mem_proc_read
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
by Karimo_DM
EIP-2026-103156 EXPLOITDB c VERIFIED
Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution
by Andi
EIP-2026-103596 EXPLOITDB c VERIFIED
NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read
by mu-b
EIP-2026-103969 EXPLOITDB c VERIFIED
Lighttpd 1.4.16 - FastCGI Header Overflow Remote Command Execution
by Mattias Bengtsson
CVE-2007-1070 EXPLOITDB c VERIFIED
Trend Micro ServerProtect for Windows & EMC 5.58-5.62 - RCE
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
by devcode
EIP-2026-114726 EXPLOITDB c VERIFIED
Solaris 10 (SPARC/x86) - sysinfo Kernel Memory Disclosure
by qaaz
CVE-2007-4748 EXPLOITDB c VERIFIED
PPStream 2.0.1.3829 - Buffer Overflow via Logo Parameter
Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.
by dummy
CVE-2007-4648 EXPLOITDB c VERIFIED
Norman Virus Control <5.82 - Privilege Escalation
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
by inocraM
CVE-2007-3034 EXPLOITDB c VERIFIED
Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 - Remote Code Execution via Crafted Metafile
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
by Gil-Dong / Woo-Chi
EIP-2026-103201 EXPLOITDB c VERIFIED
ProFTPd 1.x - 'mod_tls' Remote Buffer Overflow
by netris
EIP-2026-116571 EXPLOITDB c VERIFIED
Wireshark < 0.99.6 - Mms Remote Denial of Service
by ZwelL
CVE-2007-4358 EXPLOITDB c VERIFIED
Zoidcom 0.6.7 - Denial of Service via Malformed JOIN Packet
Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.
by Luigi Auriemma
CVE-2007-4366 EXPLOITDB c VERIFIED
WengoPhone 2.1 - Denial of Service via SIP INVITE Message Without Content-Type Header
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
by ZwelL
CVE-2007-4382 EXPLOITDB c VERIFIED
CounterPath X-Lite 3.0 34025 - Denial of Service via SIP INVITE Message
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
by ZwelL
CVE-2007-4286 EXPLOITDB c VERIFIED
Cisco IOS 12.0-12.4 - Remote Code Execution and Denial of Service via NHRP Packet
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
by Martin Kluge
CVE-2007-4302 EXPLOITDB c VERIFIED
Generic Software Wrappers Toolkit - Privilege Escalation
Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing.
by Robert N. M. Watson