C Exploits
3,628 exploits tracked across all sources.
Windows NT 4.0, 2000, XP, and Server 2003 - Remote Code Execution via Malicious SMB Transaction Responses
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
by cybertronic
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
by HaCkZaTaN
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
by darkeagle
launchd 106 - Local Privilege Escalation
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
by intropy
IBM AIX 5.3 - Format String Vulnerability in paginit Command
Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.
by intropy
IBM AIX 5.1-5.3 - Local Buffer Overflow via netpmon -O Argument
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.
by intropy
IBM AIX 5.1-5.3 - Local Buffer Overflow via ipl_varyon -d Argument
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.
by intropy
Webhints 1.03 - Remote Command Execution via Shell Metacharacters
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by Alpha_Programmer
GNU Mailutils imap4d 0.5 < 0.6.90 - Remote Format String
by qobaiashi
tcpdump 3.x - Denial of Service via BGP Packet Handling
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
by simon
Ipswitch IMail < 8.2 Hotfix 2 - Remote Code Execution via IMAP LOGIN Command
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
by nolimit
FUSE 2.x < 2.3.0 - Information Disclosure via Unfilled Memory Pages
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
by Miklos Szeredi
Crob FTP 3.6.1 - Remote Code Execution via Long FTP Command or Globbing Character
Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string.
by Leon Juranic
FutureSoft TFTP Server Evaluation Version 1.0.0.1 - Remote Code Execution via Long Filename or Transfer Mode String
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.
by ATmaCA
Windows 2000, XP, and Server 2003 - Remote Code Execution via COM Structured Storage
Windows 2000, XP, and Server 2003 do not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
by Cesar Cerrudo
Zeroboard 4.1pl2-4.1pl5 - Remote Code Execution via preg_replace Function
zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.
by n0gada
Ethereal < 0.10.11 - Multiple Buffer Overflows in Dissectors
Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explicit, (18) PKIX_Qualified, and (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
by Team W00dp3ck3r
Exim < 4.43 - Buffer Overflow via IPv6 Address or DNS PTR Lookup
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
by Plugger
Cisco Agent Desktop - Denial of Service via Spoofed TCP Timestamp Packet
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
by Daniel Hartmeier
picasm < 1.12b - Stack-Based Buffer Overflow via Long Error Message
Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message.
by Shaun Colley
Bakbone Netvault - Remote Code Execution via Large Packet to Port 20031
Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031.
by nolimit
Linux Kernel < 2.6.12 - Denial of Service and Arbitrary Code Execution via pkt_ioctl Function
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
by alert7
Gaim - Stack-Based Buffer Overflow via URL Parsing in Instant Message
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
by Ron