C Exploits

3,619 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-4029 EXPLOITDB c
X.Org xserver <1.11.2 - Info Disclosure
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
CVE-2003-0947 EXPLOITDB c
wireless_tools - Buffer Overflow via Long OUT Environment Variable
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
CVE-2010-3848 EXPLOITDB c
Linux Kernel < 2.6.36.2 - Local Privilege Escalation via Econet iovec Structures
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.
CVE-2010-3850 EXPLOITDB c
Linux kernel <2.6.36.2 - Privilege Escalation
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.
CVE-2010-3849 EXPLOITDB c
Linux Kernel < 2.6.36.2 - Denial of Service via NULL Pointer Dereference in econet_sendmsg
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
CVE-2010-3850 EXPLOITDB c
Linux kernel <2.6.36.2 - Privilege Escalation
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.
CVE-2008-0009 EXPLOITDB c
Linux kernel <2.6.25 - Memory Corruption
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
CVE-2007-1730 EXPLOITDB c
Linux Kernel 2.6.20 and later - Denial of Service via Negative optlen in DCCP getsockopt
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
CVE-2007-1730 EXPLOITDB c
Linux Kernel 2.6.20 and later - Denial of Service via Negative optlen in DCCP getsockopt
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
CVE-2008-0009 EXPLOITDB c
Linux kernel <2.6.25 - Memory Corruption
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
CVE-2008-0010 EXPLOITDB c
Linux kernel <2.6.25 - Info Disclosure
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.
CVE-2005-0750 EXPLOITDB c
Linux Kernel <2.6.11.5 - Privilege Escalation
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
CVE-1999-0032 EXPLOITDB c
IRIX - Local Buffer Overflow via lpr -C Option
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
CVE-2015-1318 EXPLOITDB c
Apport <2.17.1 - Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
CVE-2000-0263 EXPLOITDB c
Red Hat Linux 6.x - Denial of Service via Malformed X Font Server Request
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
CVE-2011-3192 EXPLOITDB c
Apache HTTP Server 1.3.x 2.0.35-2.0.64 2.2.0-2.2.19 - Denial of Service via Range Header Overlap
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
CVE-2017-8221 EXPLOITDB HIGH c
Wireless IP Camera (P2P) WIFICAM - Missing Encryption of Sensitive Data via Cleartext UDP Tunnel
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS 7.5
CVE-2017-8222 EXPLOITDB HIGH c
Wireless IP Camera (P2P) WIFICAM - Insufficiently Protected Credentials via Hardcoded RSA Key
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.
CVSS 7.5
CVE-2017-8223 EXPLOITDB HIGH c
Wireless IP Camera (P2P) WIFICAM - Unauthenticated RTSP Stream Access via Port 10554
On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.
CVSS 7.5
CVE-2017-8224 EXPLOITDB CRITICAL c
Wireless IP Camera (P2P) WIFICAM Firmware - Use of Hard-coded Credentials
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
CVSS 9.8
CVE-2002-2087 EXPLOITDB c
Borland InterBase 6.0 - Local Buffer Overflow via INTERBASE Environment Variable
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
CVE-1999-0032 EXPLOITDB c
IRIX - Local Buffer Overflow via lpr -C Option
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
CVE-2005-2232 EXPLOITDB c
IBM AIX 5.1.0-5.3.0 - Buffer Overflow via Long Command Line Argument
Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.
CVE-2024-23897 GITHUB CRITICAL c
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by Pocland-db
3 stars
CVSS 9.8
CVE-2022-25012 GITHUB MEDIUM c
Argus Surveillance DVR 4.0 - Inadequate Encryption Strength
Argus Surveillance DVR v4.0 employs weak password encryption.
by Pocland-db
3 stars
CVSS 5.5
By Source
All 3,619 Writeup 61,941 Exploitdb 50,073 Nomisec 22,294 Github 3,475 Metasploit 3,294 Vulncheck_xdb 926 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,383 python 6,491 ruby 5,984 c 3,619 perl 2,849 html 2,071 php 1,331 bash 462 java 370 c++ 255 javascript 227 shell 126 go 72 postscript 25 typescript 25