C Exploits
3,628 exploits tracked across all sources.
Linux kernel <2.6.12 - Memory Corruption
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
by sd
OpenBSD 2.0 < 3.6 - TCP Timestamp Remote Denial of Service
by RusH
paNews 2.0.4b - Remote Code Execution via admin_setup.php Parameters
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.
by Silentium
Windows 2003 Server and XP - Denial of Service via IPv6 Land Attack
The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
by RusH
Aztek Forum 4.0 - Unauthenticated Database File Exposure via Export Index Action
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
by sirius_black
Computer Associates License Client 0.1.0.15 - Remote Code Execution via Long Filename in PUTOLF Request
Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.
by class101
AWStats 6.3 and 6.4 - Information Disclosure via Debug Parameter
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.
by omin0us
Scrapland 1.0 and earlier - Denial of Service via Error Handling
Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets.
by Luigi Auriemma
Working Resources BadBlue 2.55 - MFCISAPICommand Remote Buffer Overflow (2)
by class101
BadBlue 2.55 - Remote Code Execution via Long mfcisapicommand Parameter
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
by class101
Stormy Studios Knet <= 1.04c - Buffer Overflow via Long HTTP GET Request
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
by CorryL
wu-ftpd 2.6.1-2.6.2 - Denial of Service via Glob Pattern Recursion
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.
by str0ke
Soldier of Fortune II 1.03 gold - Denial of Service via Large cl_guid Value
Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.
by Luigi Auriemma
Chat Anywhere 2.72a - Info Disclosure
Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges.
by Kozan
SendLink 1.5 - Privilege Escalation
SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges.
by Kozan
eXeem 0.21 - Plaintext Password Storage in Registry
eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.
by Kozan
SHOUTcast 1.9.4 - Remote Code Execution via Format String in Content URL
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
by mandragore
Thomson TCW690 Cable Modem - Unauthenticated Password Bypass via RgSecurity Form
The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.
by MurDoK
3Com 3CDaemon 2.0 revision 10 - Buffer Overflow via Long FTP Command Argument
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
by class101
By Source