C Exploits

3,626 exploits tracked across all sources.

CVE-2007-4191 EXPLOITDB c VERIFIED
Panda Antivirus 2008 - Privilege Escalation
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
by tarkus
CVE-2007-4140 EXPLOITDB c VERIFIED
Live for Speed (LFS) S2 ALPHA PATCH 0.5x - Buffer Overflow
Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name.
by n00b
EIP-2026-118330 EXPLOITDB c VERIFIED
Borland Interbase 2007 SP1 - Create-Request Remote Overflow
by BackBone
CVE-2007-4060 EXPLOITDB c VERIFIED
Frank Yaul corehttp <0.5.3alpha - RCE
Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request.
by vade79
CVE-2007-4004 EXPLOITDB c VERIFIED
IBM AIX <5.3 SP6 & 5.2.0 - Buffer Overflow
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
by qaaz
CVE-2007-3333 EXPLOITDB c VERIFIED
IBM AIX 5.2.0 and 5.3 SP6 - Remote Code Execution via Terminal Control Sequence Overflow
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
by qaaz
CVE-2007-4005 EXPLOITDB c VERIFIED
Mike Dubman Windows RSH daemon 1.7 - Buffer Overflow
Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.
by Joey Mengele
CVE-2007-4006 EXPLOITDB c VERIFIED
Mike Dubman Windows RSH daemon (rshd) 1.7 - Buffer Overflow
Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
by Joey Mengele
CVE-2007-3764 EXPLOITDB c VERIFIED
Asterisk < 1.2.22 and 1.4.x < 1.4.8 - Denial of Service via Crafted Skinny Channel Packet
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
by fbffff
CVE-2007-3681 EXPLOITDB c VERIFIED
WinPcap - Memory Corruption via IOCTL 9031 BIOCGSTATS Handler
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
by Mario Ballano Bárcena
CVE-2007-1000 EXPLOITDB c VERIFIED
Linux kernel <2.6.20.2 - Info Disclosure
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
by dreyer
CVE-2007-0774 EXPLOITDB c VERIFIED
Apache Tomcat JK Web Server Connector <1.2.21 - RCE
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
by Xpl017Elz
CVE-2007-3614 EXPLOITDB c VERIFIED
SAP DB - Remote Code Execution via Stack-Based Buffer Overflow in waHTTP.exe
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
by Mark Litchfield
CVE-2007-3548 EXPLOITDB c VERIFIED
W3Filer 2.1.3 - Stack-Based Buffer Overflow via FTP Banner
Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file.
by r0ut3r
CVE-2007-3473 EXPLOITDB c VERIFIED
libgd < 2.0.35_rc5 - Denial of Service via gdImageCreateXbm Function
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
by anonymous
CVE-2007-3360 EXPLOITDB c VERIFIED
BitchX 1.1-final - Command Injection
hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.
by clarity_
CVE-2007-3148 EXPLOITDB c VERIFIED
Yahoo! Messenger - Buffer Overflow via Webcam Viewer ActiveX Control
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
by Excepti0n
CVE-2007-3147 EXPLOITDB c VERIFIED
Yahoo! Messenger - Buffer Overflow in Webcam Upload ActiveX Control
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
by Excepti0n
CVE-2007-3157 EXPLOITDB c VERIFIED
SafeNET High Assurance Remote and SoftRemote - Denial of Service via Invalid IPv6 IPSec Packet
IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec.
by mu-b
CVE-2007-3086 EXPLOITDB c VERIFIED
Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier - Denial of Service via outpost_ipc_hdr Mutex Capture
Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.
by Matousec Transparent security
CVE-2007-2894 EXPLOITDB c VERIFIED
Bochs 2.3 - Denial of Service via Floppy Disk Controller
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
by Tavis Ormandy
CVE-2006-3747 EXPLOITDB c VERIFIED
Apache HTTP Server 1.3.28-1.3.36 & 2.0.46-2.0.58 - DoS & RCE via mod_rewrite LDAP Handling
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
by fabio/b0x
CVE-2007-2878 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.21.2 - Denial of Service via VFAT Compat Ioctls
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
by Bart Oldeman
CVE-2007-2761 EXPLOITDB c VERIFIED
MagicISO <5.4.239 - Buffer Overflow
Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file.
by vade79