C Exploits
3,631 exploits tracked across all sources.
MPlayer 0.9/1.0 - MMST Get_Header Remote Client-Side Buffer Overflow
by Ariel Berkman
Ricoh Aficio 450/455 PCL 5e Printer - ICMP Denial of Service
by x90c
Linux Kernel 2.4.x-2.4.28 and 2.6.x-2.6.9 - Denial of Service via scm_send Deadlock
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
by Paul Starzetz
Linux kernel 2.4.22-2.4.28 and 2.6.x-2.6.9 - Denial of Service and Remote Code Execution via IGMP Functionality
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
by Paul Starzetz
Ricoh Aficio 450/455 PCL Printer - Remote ICMP Denial of Service
by Hongzhen Zhou
Monolith Productions Contract Jack - Denial of Service
The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in conditions that are not "Operation would block."
by Luigi Auriemma
Codename Eagle 1.42 - Socket Unreacheable Denial of Service
by Luigi Auriemma
Windows 2000 and Windows 2003 Server - Denial of Service via TCP Keep Alive Packet Flood
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.
by Antonio M. D. S. Fortes
Citadel/UX <= 6.27 - Remote Code Execution via lprintf Format String
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
by CoKi
CUPS 1.1.22 - Denial of Service via lppasswd File Handling
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.
by Bartlomiej Sieka
NapShare 1.2 - Buffer Overflow via Gnutella Response
Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.
by Bartlomiej Sieka
Battlefield 1942 and Vietnam - Denial of Service via Large numplayers Server Reply
Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.
by Luigi Auriemma
Linux Kernel 2.6.x - 'AIO_Free_Ring' Local Denial of Service
by Darrick J. Wong
NapShare 1.2 - Buffer Overflow via Gnutella Response
Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.
by Bartlomiej Sieka
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Code Execution
by evilrabbi
Kreed <= 1.05 - Denial of Service via Long Nickname or Model Type
The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game.
by Luigi Auriemma
Mercury (Pegasus) Mail 4.01 - Remote Code Execution via IMAP SELECT Command
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
by JohnH
Neverwinter Nights special - Fake Players Denial of Service
by Luigi Auriemma
Aspell - Stack-Based Buffer Overflow via Wordlist Compression
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
by c0d3r
Mercury (Pegasus) Mail 4.01 - Remote Code Execution via IMAP SELECT Command
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
by JohnH
Jana Server 2.4.4 - 'http/pna' Denial of Service
by Luigi Auriemma
Orbz 2.10 - Buffer Overflow via Long Password Field in Join Request
Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request.
by Luigi Auriemma
WS_FTP Server 5.03 2004.10.14 - Denial of Service via Long SITE, XMKD, MKD, or RNFR Commands
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
by NoPh0BiA
PHP 4.x-5.0.0RC3 - Remote Code Execution
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
by Gyan Chawdhary
By Source