C Exploits
3,628 exploits tracked across all sources.
Linux Kernel <2.6.11.5 - Privilege Escalation
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
by backdoored.net
Computer Associates iGateway <4.0.050623 - RCE
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.
by egm
up-imapproxy 1.2.3-1.2.4 - Remote Code Execution via Format String in Banner or Capability Line
Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.
by Steve Kemp
GNOME libzvt2/libvte4 - Info Disclosure
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
by Paul Szabo
Virtools Web Player <3.0.0.100 - RCE
Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename.
by Luigi Auriemma
ProZilla Download Accelerator 1.3.7.4 - Buffer Overflow via FTP Search HREF Field
Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.
by taviso
MultiTheftAuto 0.5 - Multiple Vulnerabilities
by Luigi Auriemma
MultiTheftAuto <0.5 - Command Injection
MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt).
by Luigi Auriemma
Real HelixPlayer & RealPlayer 10 - RCE
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
by c0ntex
GNU Mailutils 0.6 - Authenticated Remote Code Execution via IMAP SEARCH Command Format String
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
by Angelo Rosiello
Nokia Series 60 - Denial of Service via Bluetooth Nickname
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
by Qnix
Mercury Mail Transport System < 4.01b - Remote Code Execution via Long LOGIN Command
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
by c0d3r
wireless_tools - Buffer Overflow via HOME Environment Variable
Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable.
by Qnix
Snort 2.4.0 - SACK TCP Option Error Handling Denial of Service
by nitr0us
Snort 2.x - PrintTcpOptions Remote Denial of Service
by VulnFact Security Labs
GNU Mailutils 0.6 - Authenticated Remote Code Execution via IMAP SEARCH Command Format String
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
by Clément Lecigne
Zebedee 2.4.1 - Denial of Service via Zero Port Number in Protocol Option Header
Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which triggers an assert error in the makeConnection function in zebedee.c.
by Shiraishi.M
Windows 2000, XP SP1/SP2, Server 2003 - Local Privilege Escalation via WINSRV.DLL FaceName Buffer Overflow
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
by eyas
Microsoft Windows - 'keybd_event' Local Privilege Escalation
by Andrés Acunha
BNBT BitTorrent Tracker Beta 7.5 Release 2 - Denial of Service via Basic Authorization HTTP Request
The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.
by Sowhat
By Source