C Exploits
3,628 exploits tracked across all sources.
Ipswitch WS_FTP Limited Edition 5.08 - Remote Code Execution via Long PASV Response
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
by h07
Dr.Web Scanner for Linux < 4.33_for_linux - Remote Code Execution via LHA Archive Extended Header
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
by Guay-Leroux
Google Earth 4.0.2091 - Denial of Service via Long href Element in KML/KMZ File
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
by JAAScois
Internet Explorer 6.0 SP1 - Buffer Overflow
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
by nop
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by Marco Ivaldi
Open Movie Editor <0.0.20060901 - Buffer Overflow
Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.
by Qnix
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by RISE Security
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by RISE Security
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by RISE Security
TIBCO Rendezvous 7.4.11 - add router Remote Buffer Overflow
by Andres Tarasco
TIBCO RendezVous <7.4.11 - Info Disclosure
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
by Andres Tarasco
Streamripper - Buffer Overflow in HTTP Header Parsing
Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.
by psylocn
Streamripper - Buffer Overflow in HTTP Header Parsing
Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.
by Expanders
Microsoft Windows <2003 - Buffer Overflow
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
by ub3rst4r
Symantec AntiVirus <20061.3.0.12 - Privilege Escalation
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
by Ruben Santamarta
Symantec AntiVirus <20061.3.0.12 - Privilege Escalation
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
by Ruben Santamarta
Sun Solaris - Kernel Memory Exposure via sysinfo System Call
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
by Marco Ivaldi
WFTPD Server 3.23 - Remote Code Execution via Long SIZE Command
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
by h07
Microsoft Windows <2003 - Buffer Overflow
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
by Preddy
Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via Crafted PNG IHDR Block
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
by vegas78
Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via Crafted PNG IHDR Block
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
by Preddy
MODPlug Tracker < 1.17.02.43 - Buffer Overflow via Crafted ITP and AMF Files
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
by Luigi Auriemma
ArcSoft MMS Composer < 1.5.5.6 - Denial of Service via WAPPush Messages
ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948.
by Collin Mulliner
ArcSoft MMS Composer < 1.5.5.6 - Buffer Overflow via Crafted MMS Messages
Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers.
by Collin Mulliner
By Source