C Exploits

3,626 exploits tracked across all sources.

CVE-2007-0236 EXPLOITDB c VERIFIED
Apple Mac OS X 10.4.8 - Remote Code Execution via Crafted AppleTalk Request
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
by MoAB
CVE-2007-0165 EXPLOITDB c VERIFIED
Solaris 8 and 9 - Denial of Service via Malformed RPC Requests
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
by Federico L. Bossi Bonin
CVE-2007-0085 EXPLOITDB c VERIFIED
OpenBSD 3.9-4.0 - Local Privilege Escalation via VGA PCI Driver NULL Pointer Dereference
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
by Critical Security
EIP-2026-117509 EXPLOITDB c VERIFIED
Microsoft Vista - 'NtRaiseHardError' Local Privilege Escalation
by erasmus
CVE-2006-6797 EXPLOITDB c VERIFIED
Microsoft Windows XP - Denial of Service or Memory Disclosure via NtRaiseHardError
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
by Ruben Santamarta
CVE-2006-6696 EXPLOITDB c VERIFIED
Microsoft Windows < Vista - Privilege Escalation
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
by Ruben Santamarta
CVE-2006-6811 EXPLOITDB MEDIUM c VERIFIED
KsIRC 1.3.12 - Denial of Service via Long PRIVMSG String
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
by Federico L. Bossi Bonin
CVSS 6.5
CVE-2006-6724 EXPLOITDB c VERIFIED
BolinTech Dream FTP Server 1.02 - DoS
BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command.
by InTeL
CVE-2006-6665 EXPLOITDB c VERIFIED
Astonsoft DeepBurner Pro & Free <1.8.0 - RCE
Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.
by Expanders
CVE-2006-6651 EXPLOITDB c VERIFIED
Intel 2200BG wireless driver 9.0.3.9 - RCE
Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information.
by Breno Silva Pinto
CVE-2007-0257 EXPLOITDB HIGH c VERIFIED
grsecurity PaX - Privilege Escalation
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.
by anonymous
CVSS 7.8
CVE-2006-6493 EXPLOITDB c VERIFIED
OpenLDAP < 2.4.3 - Buffer Overflow via LDAP Bind Request with Long Credential Data
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.
by Solar Eclipse
CVE-2006-6538 EXPLOITDB c VERIFIED
D-LINK DWL-2000AP+ firmware 2.11 - DoS
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
by poplix
CVE-2006-6199 EXPLOITDB c VERIFIED
BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
by Greg Linares
CVE-2006-6396 EXPLOITDB c VERIFIED
BlazeVideo HDTV Player <3.5 - Buffer Overflow
Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. NOTE: it was later reported that 3.5 is also affected.
by Greg Linares
CVE-2009-0450 EXPLOITDB c VERIFIED
BlazeVideo HDTV Player <3.5 - Buffer Overflow
Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.
by Greg Linares
CVE-2006-6251 EXPLOITDB c VERIFIED
VUPlayer < 2.44 - Remote Code Execution via Long M3U File String
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.
by Expanders
CVE-2006-6287 EXPLOITDB c VERIFIED
AtomixMP3 < 2.3 - Stack-Based Buffer Overflow via Long M3U Pathname
Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file.
by Greg Linares
CVE-2006-6173 EXPLOITDB c VERIFIED
Mac OS X < 10.4.6 - Local Buffer Overflow in shared_region_make_private_np
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.
by LMH
CVE-2006-6250 EXPLOITDB c VERIFIED
Songbird Media Player < 0.2 - Denial of Service via M3U Playlist Extended ASCII Handling
Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked.
by Greg Linares
CVE-2006-6261 EXPLOITDB c VERIFIED
Quintessential Player < 4.50.1.82 - Buffer Overflow via Crafted M3U, M3U-8, or PLS File
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.
by Greg Linares
CVE-2006-5864 EXPLOITDB c VERIFIED
GNU gv 3.6.2 - Stack-based Buffer Overflow via Long Comments in PostScript Headers
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
by K-sPecial
CVE-2006-6130 EXPLOITDB c VERIFIED
Apple Mac OS X - Denial of Service via AIOCREGLOCALZN ioctl Command
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.
by LMH
CVE-2006-6340 EXPLOITDB c VERIFIED
nVIDIA nView - Denial of Service via Long Command Line Argument
keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability.
by Hessam-x
CVE-2006-5854 EXPLOITDB c VERIFIED
Novell Netware Client 4.91-4.91 SP2 - Remote Code Execution via Spooler Service Buffer Overflow
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
by Andres Tarasco Acuna