C Exploits
3,628 exploits tracked across all sources.
FtpXQ Server 3.0.1 - Denial of Service via Long MKD Command
FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command.
by Federico Fazzi
HP-UX - Stack-based Buffer Overflow via Long -S Argument
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
by prdelka
HP-UX - Stack-based Buffer Overflow via Long -S Argument
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
by prdelka
HP-UX B.11.11 - Local Format String Vulnerability via swask -s Argument
Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
by prdelka
HP-UX B.11.11 - Buffer Overflow via Long TZ Environment Variable
Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.
by prdelka
Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote File System Access
by prdelka
FreeBSD 6.1 and OpenBSD 4.0 - Denial of Service via /dev/crypto ioctl Requests
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.
by Evgeny Legerov
qk_smtp < 3.0.1 - Remote Code Execution via RCPT TO Command
Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command.
by Greg Linares
Ipswitch Collaboration Suite, IMail, IMail Plus, and IMail Secure - Stack-Based Buffer Overflow via SMTP Daemon
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.
by Greg Linares
NVIDIA Binary Graphics Driver <v8774,v8762 - RCE
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.
by Rapid7 Security
FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service
by Kirk Russell
FreeBSD 5.5/6.x - Scheduler Policy Local Denial of Service
by Diane Bruce
FreeBSD 6.1 - Denial of Service via Scheduler Policy Setting
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.
by kokanin
FreeBSD 6.1 - Denial of Service via ftruncate on Non-Standard File Types
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.
by kokanin
Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection
by ShadOS
FreeBSD 6.0-RELEASE - Denial of Service via PT_LWPINFO ptrace Command
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call.
by kokanin
CA BrightStor ARCserve Backup <r11.5 SP1 - RCE
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
by LSsec.com
Invision Gallery 2.0.7 - Path Traversal
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
by 1nf3ct0r
Invision Gallery 2.0.7 - SQL Injection
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
by 1nf3ct0r
Mac OS X 10.4-10.4.7 - Local Privilege Escalation via Mach Exception Port Manipulation
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
by xmath
Microsoft IE - Code Injection
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
by LukeHack
CVSS 8.8
InterVations NaviCOPA Web Server 2.01 - RCE
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by h07
FreeBSD < 5.5 - Denial of Service via i386_set_ldt Integer Signedness Error
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
by Adriano Lima
Microsoft Windows 2000 SP4 - Privilege Escalation
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
by SoBeIt
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow
by nop
By Source