C Exploits
3,628 exploits tracked across all sources.
Audacious AdPlug < 2.0 - Stack-Based Buffer Overflow via Large DTM or S3M Files
Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via large (1) DTM and (2) S3M files.
by Luigi Auriemma
Microsoft Windows 2000, Windows XP, and Windows Server 2003 - Remote Code Execution via IP Source Routing
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
by Preddy
BitchX 1.1-final - 'do_hook()' Remote Denial of Service
by Federico L. Bossi Bonin
Microsoft Excel 2000-2004 - Remote Code Execution
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
by naveed afzal
Microsoft Windows 2000 SP4, XP SP1-SP2, Server 2003 SP1 and earlier - Denial of Service via SMB Invalid Handle
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk function with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
by Ruben Santamarta
CVSS 5.5
Microsoft Windows SMB Driver Ioctl Local Privilege Escalation
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
by Ruben Santamarta
Thomas Boutell graphics draw <2.0.33 - DoS
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
by Xavier Roche
Quake 3 Engine <1.32c - Buffer Overflow
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
by Luigi Auriemma
Linux Kernel < 2.6.16.18 - Denial of Service via SNMP Trap Decode Failure
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
by ECL Labs
iShopCart - Buffer Overflow in vGetPost and main Functions
Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data.
by K-sPecial
xine-lib 1.1.1 - Denial of Service via HTTP Plugin Long Reply
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
by Federico L. Bossi Bonin
portmap 5 Beta - 'Set/Dump' Local Denial of Service
by Federico L. Bossi Bonin
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
by kingcope
IntelliTamper < 2.07 - Stack-Based Buffer Overflow via Crafted .map File
Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file.
by Devil-00
Medal of Honor - 'getinfo' Remote Buffer Overflow
by RunningBon
Intel PROset/Wireless < 10.1.0.33 - Unprotected Shared Memory Access
S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify passwords or other data, or cause a denial of service.
by Ruben Santamarta
acFTP 1.4 - Denial of Service via Long USER Command String
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
by Omni
Quake 3 Engine - Buffer Overflow via Long remapShader Command
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
by landser
MySQL <= 5.0.20 - Remote Code Execution via Crafted COM_TABLE_DUMP Packets
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
by Stefano Di Paola
MySQL 4.0.x-4.0.26, 4.1.x-4.1.18, 5.0.x-5.0.20 - Unauthenticated Memory Disclosure via Username Buffer Over-Read
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
by Stefano Di Paola
Fenice < 1.10 - Remote Code Execution via RTSP URL Parsing Buffer Overflow
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
by c0d3r
Neon Responder 5.4 - Clock Synchronization Denial of Service
by Stefan Lochbihler
Neon Responder 5.4 - Denial of Service via Crafted Clock Synchronisation Packet
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.
by Stefan Lochbihler