C Exploits
3,628 exploits tracked across all sources.
Apache HTTP Server 2.0.52 - Buffer Overflow via Long Realm Argument
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
by K-sPecial
Hosting Controller < 6.1 Hotfix 1.9 - Unauthenticated Arbitrary User Registration via Direct Request
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
by Silentium
Ethereal - Denial of Service in TZSP MGCP ISUP SMB or Bittorrent Dissectors
Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.
by Nicob
Apache HTTP Server 2.0.52 - Buffer Overflow via Long Realm Argument
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
by Luca Ercoli
4D WebSTAR 5.33 and 5.4 - Buffer Overflow via Long URL
Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
by Braden Thomas
Ce/Ceterm <2.5.4 - Local Privilege Escalation
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
by Kevin Finisterre
ArcGIS for ESRI ArcInfo Workstation 9.0 - Privilege Escalation
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.
by Kevin Finisterre
Golden FTP Server 1.92 - Remote Code Execution via Long USER Command
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
by darkeagle
Golden FTP Server 1.92 - Remote Code Execution via Long USER Command
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
by c0d3r
snmppd 0.4.5 - Remote Code Execution via Format String in snmppd_log
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
by cybertronic
NetLeaf Limited NotJustBrowsing <1.0.3 - Info Disclosure
NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges.
by Kozan
Cybration ICUII 7.0 - Info Disclosure
Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges.
by Kozan
StumbleInside GoText 1.01 - Info Disclosure
StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information.
by Kozan
ExoticSoft FilePocket 1.2 - Privilege Escalation
ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges.
by Kozan
MySQL MaxDB Webtool 7.5.00.23 - Remote Stack Overflow
by cybertronic
BakBone NetVault 7.1 - Privilege Escalation
nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu.
by Reed Arvin
Altiris Client 6.0.88 - Service Privilege Escalation
by Reed Arvin
tcpdump < 3.9.1 - Denial of Service via RSVP Packet Length 4
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
by vade79
tcpdump < 3.9.1 - Denial of Service via Zero-Length GRE Packet
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
by vade79
tcpdump < 3.8.3 - Denial of Service via BGP or LDP Packet Handling
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
by vade79
tcpdump < 3.8.3 - Denial of Service via BGP or LDP Packet Handling
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
by vade79
By Source